API without web interface

ViBC27 · September 11, 2020, 9:06am

Hello! Initially I want to say that I am new to the community and also to the programming.

I am building an API with Node, Express etc and I need to protect my private routes. My problem is to identify what would be the best approach provided by Auth0 for my API. Initially, I want to use my API through a website and, in the future, use it in a mobile application. I would not like to use authentication web pages in conjunction with the API. I wanted to use a method in which information such as username and password was passed to my API without an interface. The interfaces will be in charge of the website and the application.

I am Brazilian and, since now, I apologize if my English is wrong. I’m actually using Google Translate, haha!

john.gateley · September 11, 2020, 2:57pm

Hi @ViBC27

To access an API, you need an access token. The best way to get an access token is to login via a web page. You log in, establish a session (which can last a long time) and get an access token (which can be renenewed for as long as the session exists).

Passing around usernames and passwords is not recommended.

John

ViBC27 · September 11, 2020, 6:50pm

Thank you, John.

Finally, should I create an API or Regular Web Applications, or both, in the Auth0 dashboard?

Vitor Barcelos.

john.gateley · September 14, 2020, 2:14pm

You will need both. The Web Application is the application used to get the access token (or get a new one). The API is the audience of the access token.

John