Allow third party access to API


I need to allow an access to API for 3rd party developers.

For example: my Customer has an external e-shop and hires a Developer to make an integration (send e-shop orders to my API). Developer creates somewhere a background job, that connects to e-shop, fetch data and upload it to my API.

As far as I understood OAuth schema, Developer should create an application, get ClientID & ClientSecret and use it with Client Credentials Flow or Resource Owner Password.

However, without having ClientID, there is no suitable method how to get an access token to access API, right?

Hi @luke1988,

In a nutshell, yes - the customer’s application will need to be able to generate access tokens to call your API, and to do this they will need a client creating and the Client ID and Client Secret issued to them.

I would recommend using Client Credentials flow over Resource Owner, as the customer’s API is classed as a third party who shouldn’t be handling a user’s password and won’t have the same high degree of trust as an application you own (for example).

1 Like

Andy thanks for your reply! Is there any limit in Auth0 for count of applications? I have to create an UI in my application which will allow users to create their own 3rd party applications in order to have valid Client Credentials flow. I think there will be a lof ot applications over a time


Hi @luke1988,

It depends on your plan, as there are entity limits applied on some plans: