How to restrict application clients updating {{url}}/api/v1/apps/{{appId}} by using clientid and secrets so that they can’t update the application attribute because anyone with clientid and clientsecret can update it so it should not happen.
I don’t think you can update application in Okta w/o having admin privileges granted. How exactly are you doing those updates, if you care to explain?