In “your domain”, I put the domain of the Regular Web Application itself, in API_ID, I put the ID of the API that takes care of my permissions, the access token is my regular user token with the permission: “update:resource_servers”.
However, I get the error:
{
"statusCode": 401,
"error": "Unauthorized",
"message": "Bad audience: https://{my api audience from my custom api} {my domain}.uk.auth0.com/userinfo"
}
How do you get the token that you later use to call the management API?
Can you please try to get/request a new token setting the audience to be Management API Identifier (the value from the screen below):
The reasoning is that this token allows you to call the management API thus when requesting a token for it, the audience must be set to the Management API Identifier.
Also please make sure that this token has scopes sufficient to create new permissions for your custom API.
I’m using the auth0 client ID and auth0 client secret from my normal web application with the auth0 public custom API (not the system API). I think this is why it’s not working, because I get an API explorer in my system API and this works.
Do you have any documentation to recommend reading about this? I’m lost about the workflow to use custom API