It is possible on GitHub to authorize 3rd party app/service to only access a single repository. I did not find such possibility for GitLab, it seems that you can only give access to everything. Is it correct or there's a better way?
What you are looking for is Project Access tokens. You can limit them for different scopes and assign them even project based permissions, like Maintainer
,Developer
,Reporter
etc.
You can find them within the project at Settings > Access Tokens
.
In the meanwhile there is also a possibility to do this for Groups - you will find it at the same place within a group.
With those Settings you can give dedicated access to a single repository, even write access. If you only desire read access without api eg for deployments take a look at Deploy Tokens
within Settings > Repository