Getting RS256 token instead of HS256

No problem, I’m happy to help where I can, and thanks for following up!

I’d be curious as to the need for HS256 in your use case? The default (and recommended) signing algorithm is RS256 as you’ve noticed. Some more on signing algorithms in particular can be found in this FAQ:

When registering an API in Auth0 the identifier is typically the URL of the API that the API as it exists in Auth0 represents. Basically, you would use this identifier as the audience in an authorization flow where the token returned is verified on your end for said API. The following article goes into more detail regarding the validation of Access Tokens by an API:

Hope this helps at least clear things up a bit!

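A sketch of the API-side check discussed in the reply above, added here as an example (it is not code from the post or from Auth0): the API pins RS256, verifies the signature with a public key, then requires its own identifier in `aud`. It uses only Node's built-in `crypto`; the locally generated key pair, the identifier `https://api.example.test/`, and the names `signToken` and `verifyAccessToken` are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Hypothetical helper: builds constructed sample tokens so the example runs offline.
function signToken(header, payload, key) {
  const signingInput = `${b64url(header)}.${b64url(payload)}`;
  const sig = header.alg === 'RS256'
    ? crypto.sign('sha256', Buffer.from(signingInput), key)
    : crypto.createHmac('sha256', key).update(signingInput).digest();
  return `${signingInput}.${sig.toString('base64url')}`;
}

// API-side validation: pin the algorithm, verify the RS256 signature,
// then check that the token was issued for this API and has not expired.
function verifyAccessToken(token, publicKey, expectedAudience, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  } catch { return { ok: false, reason: 'malformed' }; }
  if (!header || !payload) return { ok: false, reason: 'malformed' };
  // Never let the token's own header choose the verification algorithm.
  if (header.alg !== 'RS256') return { ok: false, reason: 'unexpected alg' };
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  const sigOk = crypto.verify('sha256', signed, publicKey, Buffer.from(parts[2], 'base64url'));
  if (!sigOk) return { ok: false, reason: 'bad signature' };
  // Per the JWT spec, `aud` may be a single string or an array of strings.
  const aud = Array.isArray(payload.aud) ? payload.aud : [payload.aud];
  if (!aud.includes(expectedAudience)) return { ok: false, reason: 'wrong audience' };
  if (typeof payload.exp !== 'number' || payload.exp <= now) return { ok: false, reason: 'expired' };
  return { ok: true, payload };
}

// Constructed sample data: a local key pair stands in for the tenant's signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const API_ID = 'https://api.example.test/'; // assumed API identifier (the audience)
const exp = Math.floor(Date.now() / 1000) + 300;
const good = signToken({ alg: 'RS256', typ: 'JWT' }, { aud: API_ID, exp }, privateKey);
const otherApi = signToken({ alg: 'RS256' }, { aud: 'https://other.example.test/', exp }, privateKey);
const hs = signToken({ alg: 'HS256' }, { aud: API_ID, exp }, 'shared-secret');
```
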