We have a requirement to expose a CPI web service to an external system, but using the OAuth authentication method.
I have referred to the blogs below, which explain the same:
However, my concern is that, using the Bearer token, the external system can access any iFlow in our tenant that has OAuth authentication. We need to restrict this access to the particular iFlow related to that external party, without sabotaging the security of the other iFlows.
We found a blog, 3153804, addressing this issue. As per the blog, we need to create a new custom role and then a new instance in the BTP Cockpit so that the access can be restricted. Does it mean that for each new iFlow we have to create a new custom role/instance in the cockpit every time, the reason being that any iFlow having the same role/instance can be accessed/triggered using the Bearer token?
Isn't there a way in which this access can be restricted per iFlow at the tenant/iFlow level, without having to configure the cockpit each and every time?
I would appreciate your help in getting some resolution to my query.
Please let me know if anything is required from my end.
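As an added illustration of the point raised in the question (this is example code, not from the original post, the referenced blogs, or SAP): an XSUAA access token obtained with client credentials carries the roles of the service instance it was issued for as entries in its `scope` claim, and an iFlow whose sender adapter requires role R is callable by any token whose scopes include R. The script below decodes the payload of a constructed, unsigned token (for inspection only; it does not verify the signature) and lists which iFlows a given token can reach. The `xsappname` prefix `it!b100`, the iFlow names and the custom role `PartnerX.send` are placeholders; the `<xsappname>.<role>` scope format is an assumption to check against your tenant's real tokens.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the '=' padding JWTs strip."""
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def b64url_encode(data: bytes) -> str:
    """Encode bytes as unpadded base64url, as used in compact JWTs."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_token(claims: dict) -> str:
    """Build a CONSTRUCTED 'alg: none' JWT for offline demonstration only.
    Real XSUAA tokens are RS256-signed and verified by the CPI runtime."""
    header = b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."


def token_scopes(jwt: str) -> list[str]:
    """Return the `scope` claim of a JWT payload. This does NOT verify the
    signature; it only shows what a token carries, it must not be used to
    trust one."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = json.loads(b64url_decode(parts[1]))
    scope = payload.get("scope", [])
    if isinstance(scope, str):  # some issuers send a space-separated string
        scope = scope.split()
    return list(scope)


def can_call(jwt: str, required_role: str, xsappname: str) -> bool:
    """XSUAA scopes are role names prefixed with the xsappname of the
    Process Integration runtime instance (assumed format `<xsappname>.<role>`)."""
    return f"{xsappname}.{required_role}" in token_scopes(jwt)


def reachable_iflows(jwt: str, xsappname: str, iflow_roles: dict) -> list[str]:
    """Names of the iFlows (name -> required role) this token can trigger."""
    return sorted(name for name, role in iflow_roles.items()
                  if can_call(jwt, role, xsappname))


# Placeholder xsappname of the Process Integration runtime instance.
XSAPPNAME = "it!b100"

# Constructed example: two iFlows keep the default role, one uses a custom role.
IFLOWS = {
    "OrderIntake": "ESBMessaging.send",
    "StockSync": "ESBMessaging.send",
    "PartnerX_Inbound": "PartnerX.send",
}

# Token from an instance created with the default role: reaches every iFlow
# that uses that role, which is exactly the concern in the question.
TOKEN_DEFAULT = make_unsigned_token(
    {"client_id": "sb-default-instance", "scope": [f"{XSAPPNAME}.ESBMessaging.send"]})

# Token from an instance created with only the partner's custom role.
TOKEN_PARTNER = make_unsigned_token(
    {"client_id": "sb-partnerx-instance", "scope": [f"{XSAPPNAME}.PartnerX.send"]})


if __name__ == "__main__":
    for label, tok in (("default-role token", TOKEN_DEFAULT),
                       ("custom-role token", TOKEN_PARTNER)):
        print(f"{label}: {reachable_iflows(tok, XSAPPNAME, IFLOWS)}")
```

The decisive input is the role name, not the iFlow: every iFlow whose sender adapter keeps the default role is reachable by any token minted for an instance carrying that role, so isolating a partner means giving its iFlow a role that no other instance is granted. Paste a real access token (payload only, never commit it) into `token_scopes` to confirm what a given client can actually reach in your tenant.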