Marketo Authentication Token - Launchpoint Service or API User Based

Marketo allows users to create more than one service (custom/native) in Launchpoint for a single API user!

Not that it is a best practice to create multiple services using a single API user or use the same service's creds in multiple integrations (for the reasons stated at the end of this post), but on a pure platform level, Marketo doesn't restrict users in doing so.

The access tokens that are generated using the API service's credentials (Client Id and Secret) are owned on a per-Custom-Service basis and not on a user basis. Even though two "Identity" endpoint responses may be scoped to the same user, the access tokens and expiration periods will be independent of each other if they were generated with credentials from two different services.

This information will undoubtedly come in handy when users have multiple sets of API credentials in the same integration service. In such cases, the Client Id can be a useful key for managing access tokens and associated expiration periods independently!

N.B. - To have fine-grained control over permissions and track API usage on a per-integration basis, it is recommended to have a separate API user and corresponding Launchpoint service for each integration.