I am working on SharePoint online site, and as part of the system, we have a list of Assets and a list of Spare Parts. now those 2 info are been stored and managed inside a 3rd party system which does not provide a API.

But i need this data inside our system. now the 3rd party system can post and read the data from SharePoint using REST API.. for this i can create and register an App inside azure https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app .. The real issue is that i can only restrict access for the register azure app to certain site/s without been able to restrict the access to specific lists/libraries, and i do not want to directly give the app registered (which will be used by the 3rd party system) access to the whole current SharePoint site. So for this i am thinking of creating a new site to store the pushed data from the 3rd party system, then i can implement a power automate flow to read the data from the new site to the current site on scheduled basis.. can anyone advice if my approach sound valid? at the end I do not want to give the 3rd party access to all the whole site, as this can break the data if a mistake was performed by the 3rd party and they update the wrong lists/libraries.

any advice on this ? and my suggested approach?

Thanks