Hi all,

(Repost from question in Developer Community where I removed this question because of no response and this might be the better location)

So my scenario:

We have created a couple of scoped applications providing API's to external systems, allowing them to GET, POST etc..
For these API's we are using OAUTH 2.0, where Servicenow acts as the Token provider (So external applications request an access token form ServiceNow using refresh_token)

In order to make Servicenow a token provider for these external system/clients we have set up an Application Registry  (type: OAUTH Client)./ This all works fine

The question I have is what is the best practice for creating these Application Registries? 

• Do you create an application registry for every external system? So system 1,2,3 with then their own client_id, secret, together with an user account(token)
• • It doesn't matter wat they access in servicenow
  • For example:
  • • External client 1 registry
    • • External client 1 (own account/token)
    • External client 2 registry
    • • External client 2 (own account/token)
    • External client 3 registry
• Do you create an Application Registry per scoped application (what we have done now)
• • All external applications/clients use the same client_id, secret, (refresh/access) token based on the account we set up per external system/client
  • For example:
  • • API scoped app 1 registry
    • • External client 1 (own account/token)
      • External client 2 (own account/token)
    • API scoped app 2 registry
    • • External client 1 (own account/token)
      • External client 2 (own account/token)
      • External client 3 (own account/token)
    • API scoped app 3 registry
• Do you create 1 registry used by all