Allowed origin for Management API

Is there any way to only allow calls from specific origins to the Management API?
I mean that if a user has the Management API Token, their requests will be rejected by Auth0 if their origin is not allowed.
I tried to configure the Allowed Web Origins field in the API Explorer Application but it’s not working. My requests from other origins still work.

Hey not sure about that, but let me research the field and get back to you!

Hi @konrad.sopala, is there any update about my problem?

Hey there @huyennbl!

I still didn’t get the info back from the appropriate team. Let me reping them and get back to you as soon as possible!

Allowed Web Origins is only relevant during the authorization process (the process to retrieve the access token). It has nothing to do with the requests against a backend/API where you use the access token (in this case, the Management API).

I don’t see a way to restrict it, unless you run Auth0 in Management Private Cloud mode in your own AWS environment and handle it on the firewall level there.
