I have product-level admin access for Launch/Analytics. One of our users is requesting that I provide API-level admin access to their team's users (but the purpose is to provide it only for one website's dev/test/global report suites). I can't find any separate feature to provide API-level access. All I'm able to do is create a profile and provide the necessary access (all I want is to give access to a specific report suite/property).
Is there anything specific to be done for API-level access?
It depends on how much control over their own integration you want to share with that team. You have roughly four options:
1. For v1.4 API (which is completely tied to that user's login/permission scope), you need to give them "Web Service Access" through some AA product profile. Then provide the user their credentials from Analytics > Admin > All Admin > Web Services.
2. Give them full "Developer" permissions within the Admin Console (under Users > Developers). This lets them set up and maintain pretty much any v2.0 integration, but they may still need System Admin permissions to use the User Management API or Privacy API.
3. Create a specific product profile which just contains the report suites/dimensions/metrics you want them to access data from, and, from the product profile, set them as a developer. Now when they maintain their own v2.0 integration within the I/O console, they can only select the Analytics API and only the profile you've specified. (Be sure to appropriately name and set a description for this profile since, to other sys admins, it may appear unused with no users.)
4. Create the v2.0 API yourself in the I/O console. Make it either OAuth based, and so they just need access to that report suite from their own user account, or make it JWT using a product profile that only has access to that report suite. It is sufficient to just provide the credentials from that project.
For option 4, it is important to note with JWT that the public-private certificates uploaded for authentication have an expiration date. If you are maintaining the project yourself, you will need to be mindful if the certificate is about to expire and if it will impact their workflow.
In this case, it sounds like option 3 is what you actually want.
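For the certificate-expiry caveat on option 4, one way to get advance warning is to check the certificate's `notAfter` date on a schedule. This is an added example, not part of the original answer; it assumes a local PEM copy of the public certificate uploaded to the I/O console project and an installed `openssl`, and the function names and 30-day default window are illustrative.

```bash
#!/usr/bin/env bash
# Added example: warn before a JWT integration certificate expires.
# Assumes a local PEM copy of the uploaded public certificate and openssl.

# cert_status CERT_PEM [WARN_DAYS]
# Prints one status line. Returns 0 = OK, 1 = expires within WARN_DAYS,
# 2 = already expired, 3 = unreadable or not a certificate.
cert_status() {
    local cert warn_days end
    cert="$1"
    warn_days="${2:-30}"
    if ! end=$(openssl x509 -in "$cert" -noout -enddate 2>/dev/null); then
        echo "UNREADABLE $cert"
        return 3
    fi
    end="${end#notAfter=}"
    # -checkend N exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "EXPIRED    $cert (notAfter: $end)"
        return 2
    fi
    if ! openssl x509 -in "$cert" -noout \
            -checkend "$((warn_days * 86400))" >/dev/null 2>&1; then
        echo "EXPIRING   $cert (notAfter: $end, inside $warn_days-day window)"
        return 1
    fi
    echo "OK         $cert (notAfter: $end)"
    return 0
}

# check_certs WARN_DAYS CERT_PEM...
# Checks every file and returns the worst status seen, for cron or CI use.
check_certs() {
    local warn_days worst rc cert
    warn_days="$1"
    worst=0
    shift
    for cert in "$@"; do
        rc=0
        cert_status "$cert" "$warn_days" || rc=$?
        if [ "$rc" -gt "$worst" ]; then worst=$rc; fi
    done
    return "$worst"
}

# Run only when certificate paths are passed on the command line.
if [ "$#" -gt 0 ]; then
    check_certs "${WARN_DAYS:-30}" "$@"
fi
```

A non-zero exit status from a scheduled run is the signal to rotate the certificate in the project before the integration's authentication starts failing.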