Hi @Sharee Huddleston,
You could create a Microsoft Entra ID application like below
And use the below PowerShell script to restrict SharePoint API permission to a specific site
$siteUrl = “https://xxx.sharepoint.com/sites/xxx”
$clientId = “AppClientID”
$certThumbprint = “Thumbprint”
$tenant = “xxx.onmicrosoft.com”
Connect-PnPOnline -Url $siteUrl -Interactive
$writeperm = Grant-PnPAzureADAppSitePermission -Permissions “Write” -Site $siteUrl -AppId $clientId -DisplayName “PowerShell-SharepointOnline”
$PermissionId = Get-PnPAzureADAppSitePermission -AppIdentity $clientId
Set-PnPAzureADAppSitePermission -Site $siteurl -PermissionId $(($PermissionId).Id) -Permissions “FullControl”
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.