@Almaany, Omar Assuming you have API-1 and API-2, you can enable negotiate client certificate and simply let your client ignore the certificate request. As long as API-1 does not have logic to validate the certificate, the call will not fail and will be handled as usual. If you have custom client code or a tool to make requests, it will work fine without specifying any certificate for API-2, but if the request is coming from a client browser, the browser may ask for a certificate, depending on the browser. For the second API, API-2, you don't have to write the policy to validate the certificate, but the browser will still ask for a certificate to be passed. You need to write the validation policy for the certificate at the API level.
The alternative would be setting up multiple custom domains for the gateway endpoint, setting negotiate client certificate on one domain and ignoring it for the other. With that you can call API-1 from domain-1 and API-2 from domain-2, but keep in mind that both APIs will continue to be callable using any of the custom domains, so this is an inefficient and pricey solution.
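An API-level validation policy of the kind the answer refers to could look like the following. This is an added example, not part of the original answer: it is an API Management policy document meant to be applied at the scope of whichever API must require a client certificate, while the other API keeps no such check. The thumbprint value is a placeholder, and pinning to a single thumbprint is an assumption about how the trusted client is identified.

```xml
<policies>
    <inbound>
        <base />
        <!-- Applied at API scope only: the gateway negotiates a client
             certificate for every API, but only this API enforces one. -->
        <choose>
            <!-- Reject when no certificate was presented, when it fails
                 chain/validity verification, or when it is not the expected
                 certificate. The thumbprint below is a placeholder. -->
            <when condition="@(context.Request.Certificate == null
                               || !context.Request.Certificate.Verify()
                               || context.Request.Certificate.Thumbprint != "EXPECTED-THUMBPRINT-IN-UPPER-CASE")">
                <return-response>
                    <set-status code="403" reason="Invalid client certificate" />
                </return-response>
            </when>
        </choose>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

Because the check lives in the API's own policy, requests to the API without this policy succeed whether or not the client answers the gateway's certificate request.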