Hi,
I am applying the Client ID Enforcement Policy as an automated policy to all APIs. However, I was wondering what the most efficient way is to enforce manual approval of all access requests or prevent access requests from Exchange.
The scenario is to limit access requests to a handful of people responsible for creating client applications. I am trying to limit the situation where multiple developers all have their own apps, e.g. mike_app, brent_app, etc., that need to be managed over time.
This will require:
1. Enforcing Client ID policies.
2. Manually approving access requests - no auto approval.
So far, the solution has been to:
1. Apply an SLA Tier with manual approval to all APIs (set at a high value) so that any access requests can only be approved by authorised users with API Manager access. This is a little clumsy as the dummy SLA Tier needs to be applied to and managed for all APIs.
2. Somehow prevent people from even being able to request access in the first instance - not sure how to do this if they already have "Exchange Viewers" access?
Would anyone have any recommendations?
Thank you.