Focuses on API authentication, access scopes, and permission management.
I think it's set up right, but I don't know why it's not working.