API without web interface

Hello! Initially I want to say that I am new to the community and also to the programming.

I am building an API with Node, Express etc and I need to protect my private routes. My problem is to identify what would be the best approach provided by Auth0 for my API. Initially, I want to use my API through a website and, in the future, use it in a mobile application. I would not like to use authentication web pages in conjunction with the API. I wanted to use a method in which information such as username and password was passed to my API without an interface. The interfaces will be in charge of the website and the application.

I am Brazilian and, since now, I apologize if my English is wrong. Iā€™m actually using Google Translate, haha!

Hi @ViBC27

To access an API, you need an access token. The best way to get an access token is to login via a web page. You log in, establish a session (which can last a long time) and get an access token (which can be renenewed for as long as the session exists).

Passing around usernames and passwords is not recommended.

John

1 Like

Thank you, John.

Finally, should I create an API or Regular Web Applications, or both, in the Auth0 dashboard?

Vitor Barcelos.

You will need both. The Web Application is the application used to get the access token (or get a new one). The API is the audience of the access token.

John