
Authentication tokens for APIs

So as I understand it, you recommend using my user's authentication token to validate calls to my APIs. Is there a way I can validate from my API server that a given token is valid (and ideally which sub ID it belongs to)?

From your description you’re trying to leverage API authorization functionality so a good starting point would be to check the information available at (https://auth0.com/docs/api-auth) and links specific to your scenario (SPA client application, mobile client application, etc).

In addition, the information at (https://auth0.com/docs/api-auth/tutorials/verify-access-token) would be particularly relevant for how to validate an access token issued for a custom API. After validation you can use the value of the sub claim to identify the user for whom the call is being made.