About Zero Trust Access policies

Hi,

I am controlling access to a private application with a Zero Trust access policy.

  • Frontend application
    https://[MY DOMAIN]
    I have registered an ALLOW Action.
    The Selector is Warp.

And I am also providing an API on the same domain.

  • API (https://[MY DOMAIN]/api)
    I am planning to add a separate application for the API and control access with a SERVICE AUTH Action.

However, there may be cases where the frontend application needs to access the API.

In this case,
would it be a problem to set the policy for the API application to the same condition as the frontend application (Selector is Warp) and set the Action to BYPASS?