WebApi that needs to check User's Group Claims

Please advise me on the best way to handle this.

I have an Angular + .NetCoreWebapi portal running using Okta AuthCode tokens. It’s multi-tenant so we examine the claims and set the user’s database connection string to his db. This works fine. If you try to access a backend method directly you would be forwarded to the Okta login page.

I have a new request to provide a WebApi to the users so they can call it on a scheduled basis. Is there any way I can just add an ApiController to my existing portal and setup the security for that resource differently? I know technically I can check the route in the startup.cs file but can I provide a REST mechanism for the customer to request an access token based on some service account credentials? Then he’d already have a token when he gets to me that would (hopefully) belong to one of my customer groups.

Please let me know if this would work or if there’s a better approach! Thanks!!!