Granting API Access to Applications with Terraform

Problem statement

How does one grant API access to applications with Terraform?


This can be done using the auth0_client_grant resource.

Here’s an example:

# The following example grants a client the "create:foo" and "create:bar" permissions (scopes).

resource "auth0_client" "my_client" {
  name = "Example Application - Client Grant (Managed by Terraform)"

resource "auth0_resource_server" "my_resource_server" {
  name       = "Example Resource Server - Client Grant (Managed by Terraform)"
  identifier = """

  scopes {
    value       = "create:foo"
    description = "Create foos"

  scopes {
    value       = "create:bar"
    description = "Create bars"

resource "auth0_client_grant" "my_client_grant" {
  client_id =
  audience  = auth0_resource_server.my_resource_server.identifier
  scopes    = ["create:foo", "create:bar"]

As shown above, the auth0_client_grant definition includes the client_id of the application, the API’s audience, and the scopes that should be granted to the application.