Securing Rest endpoints / Scopes


I’ve secured a C# Rest API, using okta token and a single scope. Now the API has to grow and I require to enforce different permission for two different endpoints and so the question is what is the recommended way of doing so?. Can it be assigned different scopes to two different controller methods within the same API, or should I aim at using “Authorize” attribute or there is another better way of doing so?

Should I restrict each endpoint with “Role” or using policy /claim