Get AccessToken to authorize API

Hi there,

I have just started with Auth0, got through some videos read the docs and made an small local nodejs client app (localhost:3000) that could authenticate using the forms from Auth0.
Then i took a look howto protect an Api and how to access it from that client.
What i have so far:


  • NodeJs Client App on localhost 3000
  • NodeJs API on localhost 3001 - sample code from Auth0 doc that checks the jwt token


  • Created an Client called ExpressClient (set the urls; login with id-token works with NodeJS client app)
  • Created an API called ExpressAPI
    • Setup M2M and authorized the “ExpressClient”


  • Added route “/token” with code to get an accss-token
var options = {
    method: 'POST',
    url: '',
    headers: {'content-type': 'application/x-www-form-urlencoded'},
    data: {
      grant_type: 'client_credentials',
      client_id: process.env.CLIENT_ID,
      client_secret: process.env.SECRET,
      audience: process.env.API_IDENTIFIER

   .then( (response) => {    
      `<h1>My Token</h1>    
  .catch((error) => {
      `<h1>My Token</h1>    


The result is always an 401.
I expected by the given configuration in, that my client is recognized by client_id and Secret
and so i would get back an access_token.

What am i doing wrong here?

Thanks and regards

Hi @camediaonline,

Welcome to the Auth0 Community!

Have you authorized the application to request a token for the API? Does the error provide any more information?

Hi Dan,

on “Applications > APIs”, Tab “Machine to Machine Applications” i set client to authorized. I did not expand the client item there and did not set any further information, said “Permissions”.

I have tried two different approaches:

NodeJS Client App

  1. using content-type: application/x-www-form-urlencoded
error.response.status: 401 
  {"error":"1"," error_description":"2"},
  1. using content-type: application/json
error.response.status: 403
   "unauthorized_client","Grant type 'client_credentials' not allowed for the client.",

I’ve also tried using Postman with application/json there i got also 403 and it produced an log entry in Dashboard, but not when using the NodeJS Client App.

That’s it. I hope you have some ideas for me…

Thanks and regards

I think it might be how you are encoding your form data. See this doc:

Hi dan,

thanks for your reply. I think that was the problem for the 401 error caused in the client app.
Now i get an 403, and this time it is also shown in the logs.

So the main problem seems to be the grant type and that client_credentials are not allowed for the client. If i now have understood it the right way, this flow is reserved for M2M Applications, and i have configured the client app as “Regular Web Application”. So i need to follow an other kind of flow. I will try these out first.

Thanks again. I will accept your answer as the solving one, because in this case it’s the 401 that misleaded me, and for that you pointed to the solution. The 403 error is the right one, that gives the feedback what really is wrong in the way i try to receive an access-token.

Feel free to correct me if i’m wrong.

Thanks and regards

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.