The easiest way for you to accomplish that is by performing a client credentials grant from the rule itself. You would represent the API within Auth0 and configure it so that RS256 tokens are issued to it, then you would authorize a suitable client application to perform a client credentials grant.
Finally, you could then do the following from a rule:
function (user, context, callback) {
var request = require("request");
var options = { method: 'POST',
url: 'https://[your_account].auth0.com/oauth/token',
headers: { 'content-type': 'application/json' },
body:
{
grant_type: 'client_credentials',
client_id: '[your_cc_client_id]',
client_secret: '[your_cc_client_secret]',
audience: '[your_api_identifier]',
},
json: true };
request(options, function (error, response, body) {
if (error) return callback(error);
// Call API with body.access_token...
callback(null, user, context);
});
}