Hi all,
I have several applications and services (underlying APIs) on my Architecture. For me it is clear that the applications require each one of them its own client with Authentication Code flow. My doubt is, the underlying APIs should each one of them have its own client registration? And in case those APIs call other APIs under the hood, should they exchange the token generating a new one?
Thank you