Is it possible to restrict certain admin to API/user/token access only and disable webui for him?
You can set a web ui policy login_mode=disable.
But this will also block the REST API access for this user.
However, the web ui is only a frontend for the REST API, a crutch, a template. So there is no deaper sense in blocking the UI but allowing the REST API. The user could still do all the same tasks!