API terminology
We need to go through some terminology to understand all aspects of API management and API access management:
- API product: An API product is an application comprising multiple API endpoints. These endpoints serve various needs and use cases but share a common authorization server. API products are what users log into using OIDC with an ID token.
- API: APIs consist of endpoints that facilitate data exchange between systems based on requests and access permissions.
- Authorization server: An authorization server is the heart of OAuth 2.0, generating access tokens by utilizing Okta’s scopes, claims, and access policies. In Okta, it’s common to create one server per API product, although multiple products can share one. The server is designed to address specific use cases rather than individual endpoints.
- Scopes: Scopes are operations performed on your API endpoints. They are built into the application, and access...