The OCI API Gateway can use a function (FN) as an authorizer via custom authentication. However, if no additional component is to be used for customer-specific authentication, the client's JWT assertions can be used here. The benefit of this solution is that authorization can also be used via scopes in the routes. The following blog shows this.