Application authorization vs User authentication


Our user authentication and user roles/permissions are already managed outside of auth0.

What we need is to secure our API resources and only allow authorized Applications (Backend web apps including SPAs) to access resource endpoints.

So by the time an api call needs to be made to the resource endpoint, the user is already authenticated, but we want to protect the API resource from unauthorized users/applications.

Is Auth0 suitable for our usage?
Would we need to sync our users with Auth0?