If your organisation is managing the API, you shall want to manage the authorisation server.

If your organisation is managing the API, you shall want to manage the authorisation server. Use application-level authorisation if you’d like to control which applications can access your API, but not which specific end users. It is suitable if you want to use rate limiting, auditing, or billing functionality. Application-level authorisation is typically not suited…