Auth0 Support for API Keys and Personal Access Tokens

Problem statement: Does Auth0 support the concept of API keys or personal access tokens (think GitHub)?

Answer: Auth0 does not provide a solution for personal access tokens. If this is something you are interested in, please upvote this feedback request.

Regarding API keys: a client credentials grant is more or less equivalent to an API key. The primary difference is that API keys are typically validated by the API itself, whereas client credentials are exchanged for a token at an authorization server. The token is then sent to the API, which can also validate it.

A client credentials exchange can be achieved by utilizing a non-interactive (Machine to Machine) client/application authorized to access the necessary API(s). The client credentials of the M2M app created in Auth0 can then be shared accordingly.

Important: Client credentials should be handled with caution and used only in confidential applications.
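The exchange described above, as an added Python example that is not Auth0's code: the M2M side builds the client credentials request for the tenant's `/oauth/token` endpoint, and the API side validates the resulting access token. The tenant domain, audience, scope and secrets are constructed, and HS256 verification with a shared signing secret is an assumption made so the block runs on the standard library alone; an API whose tokens are signed with RS256 would verify against the tenant's published keys with a JWT library instead.

```python
import base64, hashlib, hmac, json, time
from urllib import parse, request

def build_token_request(domain, client_id, client_secret, audience):
    """M2M side: the client credentials exchange against /oauth/token (built, not sent)."""
    form = parse.urlencode({"grant_type": "client_credentials", "client_id": client_id,
                            "client_secret": client_secret, "audience": audience})
    return request.Request(f"https://{domain}/oauth/token", data=form.encode(), method="POST",
                           headers={"Content-Type": "application/x-www-form-urlencoded"})

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(signing_input, secret):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def mint_sample_token(claims, secret):
    """Constructed stand-in for the access token the authorization server would return."""
    signing_input = _b64e(b'{"alg":"HS256","typ":"JWT"}') + "." + _b64e(json.dumps(claims).encode())
    return signing_input + "." + _b64e(_sign(signing_input, secret))

def validate_access_token(token, secret, issuer, audience, scope, now=None):
    """API side: return the claims if the token is acceptable, else raise ValueError."""
    try:
        head, body, sig = token.split(".")
        header, claims, sig = json.loads(_b64d(head)), json.loads(_b64d(body)), _b64d(sig)
    except ValueError as exc:  # wrong part count, bad base64 or bad JSON
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # pin the algorithm, never follow the header
    if not hmac.compare_digest(_sign(f"{head}.{body}", secret), sig):
        raise ValueError("bad signature")
    if not isinstance(claims, dict) or claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")  # "aud" may be a single string or a list of strings
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("expired")
    if scope not in str(claims.get("scope", "")).split():
        raise ValueError("missing scope")
    return claims
```

Unlike a static API key, the client secret never reaches the API: the API only sees a short-lived token bound to one audience and a set of scopes.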
