Best Practices for creating an authorization server for API Management (Client Credential Flow)
https://support.okta.com/help/answers?id=9060z00000078guqai&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
John Hines

I’ve been tasked with implementing an OAuth2 Client_Credential flow to secure our internal services. Instead of creating an authorization server per API with a couple scopes and maybe 1 policy, could I create just one authorization server with many scopes but add per client application policies to restrict access?
Tomas Popescu (Vendor Management)
Hello,

My name is Tomas and I'll be assisting you with this question.
There are no best practices for this, but this can be achieved by creating multiple rules inside the Access Policies. I have inserted the link for the documentation regarding this matter below:

#Link: https://developer.okta.com/use_cases/api_access_management/#api-access-management-with-okta

Best Regards, 

Tomas Popescu,
Technical Support Engineer
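
The design asked about in this thread (one shared authorization server, many scopes, one access policy per client application) can be sketched as a default-deny model. This is an added example, not part of the thread and not Okta's policy engine or API; the client IDs, scope names, audience value and function names are hypothetical, and the `cid`/`aud`/`scp` claim layout is an assumption.

```python
# Simplified model (assumption): illustrates the design, not a vendor implementation.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    grant_types: frozenset   # grant types the rule applies to
    scopes: frozenset        # scopes the rule is allowed to issue

@dataclass(frozen=True)
class Policy:
    clients: frozenset       # client IDs the policy is assigned to
    rules: tuple

AUDIENCE = "api://internal"  # constructed: one server means one shared audience
CC = frozenset({"client_credentials"})

# Constructed sample data: one policy per client application.
POLICIES = (
    Policy(frozenset({"billing-svc"}),
           (Rule(CC, frozenset({"invoices:read", "invoices:write"})),)),
    Policy(frozenset({"reporting-svc"}),
           (Rule(CC, frozenset({"invoices:read", "orders:read"})),)),
)

def issue_token(client_id, grant_type, requested):
    """Return token claims if one rule covers every requested scope, else None."""
    requested = frozenset(requested)
    if not requested:
        return None  # require explicit scopes, no implicit defaults
    for policy in POLICIES:
        if client_id not in policy.clients:
            continue
        for rule in policy.rules:
            if grant_type in rule.grant_types and requested <= rule.scopes:
                return {"cid": client_id, "aud": AUDIENCE, "scp": sorted(requested)}
    return None  # default deny: no policy assigned to this client matched

def api_allows(claims, required_scope):
    """Resource-side check each API must run on every request."""
    return (claims is not None
            and claims.get("aud") == AUDIENCE
            and required_scope in claims.get("scp", []))
```

Because every token from the shared server carries the same audience, the `aud` check alone no longer separates one internal API from another; each service has to enforce its own required scope, as `api_allows` does.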