I have a System Management API with all scopes with an audience https://audience/api/v2 that has the scopes. I also have an SPA with clientId and clientSecret. I want to use this API (or any API) to add/delete users in my SPA. However i don’t see an API tab on my SPA or any way to link the API to my SPA.
When I make a request like https://audience/api/v2/users/auth0|dskjfdksfn using the bearer token from my SPA clientId and Secret i get a 403. How can I use an API to manage my SPA?
Hi @liam_adams,
Thanks for joining the Community!
The Management API can only be used for a limited number of things from a SPA such as updating user metadata:
Creating and deleting users directly from a SPA is not allowed, but you can do such things from your own custom API by creating a Machine-to-Machine application:
You can authorize the Machine-to-Machine app to use the Management API with the specific scopes you require. You can then register your API as a custom API and use its identifier in the SPA:
Here are the docs for using the management API in production: