  1. Click Access and then go to Rules > Rules.
  2. Click + Add Rule.
  3. In the Name field, enter a unique name, up to 64 characters long.

    Special characters and spaces are allowed.

  4. From the Type list, select OAuth Client.
  5. In the Client IDs section, enter one or more Client IDs that are allowed access. To add more fields, click + New Value.
  6. Optional: If you want to configure rejection handling, click Show Advanced Settings, and then from the Rejection Handler list, select an existing rejection handler that defines whether to display an error template or redirect to a URL.
    Note:

    You can include information about missing Client IDs in the rejection response using the $info variable.

    For example, if you are using the Default API rejection handler, you could edit the <PA_HOME>/conf/template/oauth.error.json file and change this line:

    {"$Encode.forJavaScriptSource($header)":""}

    to

    {"$Encode.forJavaScriptSource($header)":"#if($info)$Encode.forJavaScriptSource($info)#end"}

  7. Click Save.