Has anyone found a way to support API Keys with Auth0?

Hi, I need the ability to allow third-party services to authenticate into my API on behalf of a user. There are many APIs out there that allow this, such as GitHub and Azure. They use the concept of an API key associated with a user’s account.

There are many posts in the Auth0 forums requesting this capability but I’m not sure if anyone has really found a solution.

There has been the occasional suggestion of using the refresh_token but this is a very different concept.

The use case I need a solution for is…

  1. User logs into my website using Auth0 lock screen
  2. User requests an API key (preferably able to declare scopes for key as well) from my website’s admin screen
  3. User gives API key to a TRUSTED third-party service
  4. Third-party service uses API Key to make request to my API
  5. My API validates API Key. I’m thinking it would receive a bearer token in exchange for the API Key.
  6. There must also be ability for user to revoke API Key.

Does anyone know how I would achieve this use case with Auth0? It seems like such a common use case which is why I feel I must be missing something obvious with Auth0. Unfortunately, like many other people on these forums, this capability is a mandatory requirement for my solution, so if it cannot be done it would eliminate Auth0 as an option for my project.

2 Likes
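
The six-step use case in the post above, sketched as an added example (not from the original post, and not an Auth0 feature). It assumes the API keeps its own key table; `ApiKeyStore`, `issue`, `exchange` and `revoke` are hypothetical names, and the exchange returns short-lived claims that the API would then sign as its bearer token.

```python
import hashlib
import hmac
import secrets
import time


class ApiKeyStore:
    """In-memory stand-in for the API's own key table (assumption, not an Auth0 API)."""

    def __init__(self):
        self._keys = {}  # key_id -> record; only a hash of the secret is kept

    def issue(self, user_id, scopes):
        """Step 2: create a scoped key for a logged-in user; the value is shown once."""
        key_id = secrets.token_hex(8)
        secret = secrets.token_urlsafe(32)  # high entropy, so a plain SHA-256 is enough
        self._keys[key_id] = {
            "hash": hashlib.sha256(secret.encode()).digest(),
            "user": user_id,
            "scopes": frozenset(scopes),
            "revoked": False,
        }
        return f"{key_id}.{secret}"

    def revoke(self, user_id, key_id):
        """Step 6: only the owning user may revoke a key."""
        rec = self._keys.get(key_id)
        if rec is None or rec["user"] != user_id:
            return False
        rec["revoked"] = True
        return True

    def exchange(self, api_key, wanted_scopes, ttl=300):
        """Steps 4-5: validate the key, return short-lived token claims or None."""
        key_id, sep, secret = api_key.partition(".")
        rec = self._keys.get(key_id)
        if not sep or rec is None or rec["revoked"]:
            return None
        presented = hashlib.sha256(secret.encode()).digest()
        if not hmac.compare_digest(presented, rec["hash"]):  # constant-time compare
            return None
        if not set(wanted_scopes) <= rec["scopes"]:  # never exceed the key's scopes
            return None
        now = int(time.time())
        return {"sub": rec["user"], "scope": " ".join(sorted(wanted_scopes)),
                "iat": now, "exp": now + ttl}
```

Because revocation is checked at exchange time, a revoked key stops working once any token already issued from it expires, so the `ttl` bounds that window.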

Hey there!

Sorry for such a delay in response! We’re doing our best in providing the best developer support experience out there, but sometimes the number of incoming questions is just too big for our bandwidth. Sorry for the inconvenience!

Do you still require further assistance from us?