Overview
The Auth0 service allowed passing a q parameter when retrieving a client’s list via the Management API without triggering additional validation when processing the request. More specifically, the q parameter would be treated as an unrecognized parameter for the GET /api/v2/clients endpoint, thus allowing any value to be present.
After June 12, 2025, the service will roll out a change to ensure that requests to that endpoint, including a q parameter, are handled as requests to filter the returned client list based on the query value in the q parameter.
The above implies that the request may fail if the q parameter value is not a valid filter query.
Applies To
- End of Life (EOL)
- Management API
- Retrieve Clients Endpoint
Cause
The endpoint to retrieve clients must allow query-based filtering to support use cases related to machine-to-machine access for organizations.
Tenants with Management API requests dependent on the original behavior received notifications ahead of the change to migrate away from the deprecated behavior.
Solution
When calling the GET /api/v2/clients endpoint, ensure that:
- If the “q” parameter is included, it is passing a valid filter query.
- If filtering is not required, do not include a “q” parameter in the request to avoid errors.