We'll need to verify on each API call that the client id supplied is capable of making the API call (based on their api permissions)
We'll need to verify on each API call that the client id supplied is capable of making the API call (based on their api permissions)