We have a requirement that we want to restrict the operation/Method at consumer level not at API Level?
Is this can be done because as of now if we restrict the operation it is effecting to all consumers but we want this can be done at specific consumer
From support, we suggested if the scopes can help. However, customer came back with the following observation:
“I have created multiple scopes for one scope I selected one operation and the security i provided is APIKey and for other i selected another operation and the security provided is APIKey.
But when I assign application to the API it will execute both the operations because the application cannot identify the scope.
This scope will work when some operations wants to use http basic authentication and some operations uses APIKey in that case the scope is the best option to work.”
Please let me know if this requirement can be met or if this comes as a feature request.