Should your organisation is managing the API, you will want to manage the authorisation server.

Should your organisation is managing the API, you will want to manage the authorisation server.

Use application-level authorisation if you’d like to control which applications can access your API, but not which specific end users. That is suitable if you want to use rate limiting, auditing, or billing functionality. Application-level authorisation may not be suited to APIs holding personal or sensitive data unless you truly trust your consumers, for example. Continue reading “Should your organisation is managing the API, you will want to manage the authorisation server.”