SPA and API scenario - restrict API access

Hi there @avenhard! Sorry for the delayed response on this one but wanted to throw out a couple options :slight_smile:

Another SPA could retrieve tokens with your API identifier as the audience. It depends on your specific use case, but it may be worth looking into using RBAC and/or adding a custom claim to the access token to include the client_id (event.client.client_id in an Action), which you could add to the check you perform on your end.

Please see this article for more on Actions and the following FAQ related to adding custom claims to tokens:

Hope this helps!
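The custom-claim approach from the reply above, as an added example that is not part of the original post: a post-login Action stamps the requesting client's `client_id` into the access token, and the API then checks that claim (and, optionally, an RBAC permission) before serving the request. The claim name, client ids and permission name are assumptions made up for this example.

```javascript
// Added example, not code from the original post. Assumed claim name (custom claims
// must be namespaced so they do not collide with standard JWT claims).
const CLIENT_ID_CLAIM = "https://example.com/claims/client_id";

// Post-login Action handler. In a real Action this function is assigned to
// exports.onExecutePostLogin; here it is a plain function so the file runs offline.
async function onExecutePostLogin(event, api) {
  // event.client.client_id identifies the application that requested the token.
  api.accessToken.setCustomClaim(CLIENT_ID_CLAIM, event.client.client_id);
}

// API-side check, run after the token's signature, issuer, expiry and audience
// have been verified. Rejects tokens that lack the claim (minted before the Action
// existed) or that name a client this API does not serve.
function isAllowedClient(claims, allowedClientIds) {
  const clientId = claims[CLIENT_ID_CLAIM];
  return typeof clientId === "string" && allowedClientIds.includes(clientId);
}

// Optional RBAC layer on top: the token must also carry the permission the
// endpoint needs (Auth0 adds a "permissions" array claim when RBAC is enabled
// with "Add Permissions in the Access Token").
function authorizeRequest(claims, allowedClientIds, requiredPermission) {
  if (!isAllowedClient(claims, allowedClientIds)) return false;
  const perms = Array.isArray(claims.permissions) ? claims.permissions : [];
  return perms.includes(requiredPermission);
}

// Constructed stand-in for the Action runtime: collects whatever the handler
// stamps onto the access token. The handler contains no awaits, so its body has
// run by the time onExecutePostLogin returns its promise.
function runActionWithEvent(clientId) {
  const claims = {};
  const event = { client: { client_id: clientId } };
  const api = { accessToken: { setCustomClaim: (name, value) => { claims[name] = value; } } };
  onExecutePostLogin(event, api);
  return claims;
}
```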