To determine whether the logged in user is an administrator, the API Services rely on the system authentication to execute a named condition against the system. If the condition returns True, the condition adds a claim into the OAuth access token to identify the user as an Administrator.
The following example condition shows how a user belonging to the SystemAdmin access group can be granted administrator access to the API Services:
<SPFCondition>
<IObject UID="CND_IsCurrUserAdmin" Name="IsCurrUserAdmin" Description="Is the current user an administrator" />
<ISPFCondition SPFConditionDefn="( instr (Env.ACCESSGROUPSFORUSERINQUERYCONFIG, 'SystemAdmin') > 0 )" />
<ISPFAdminItem />
<ISPFSubscribableItem />
</SPFCondition>