Nowadays, most of the enterprise applications are built with a collection of REST APIs. These APIs are being used by wide variety of users and devices. Due to the expanding consumer base, the application developers have to focus on limiting the API access in order to make sure that only the authorized parties have access to respective resources/services.

WSO2 API Manager offers following fine grained API access control mechanism to restrict the API access to desired user groups only.

Fine Grained Access Control Using Scopes

Fine Grained Access Control Using XACML