which describes the flow of how the API key and secret are used, but then I also saw this post
Definitely the first link is more up to date, but I just wanna know if this approach is still the recommended approach if the goal is to provide some sort of credential for clients to use our API.
Is providing the API key/secret → use such key and secret to call for token → access API with token still the right approach? I’m not sure how jwt comes into play here honestly
There are no immediate plans, at this point, I’m afraid, to implement API keys.
You can add this feature request at Auth0: Secure access for everyone. But not just anyone., explaining your use case and why it would work better in your scenario than the client-credentials flow. This feedback goes directly to Product, so it’s the best way to voice these types of needs.