How do I guard my API products via Auth0 - like the Github PAT (personal access token)

dayeye2006 · August 27, 2021, 11:04pm

We make API products to serve our customers.
I am looking at the following user journey:

A user can register on my website to use the API
A user can generate an access token through a console page
A user can attach that token in the header during the HTTP call to an API endpoint
The API endpoint can identify the user and authorize her upon receiving the token
A user can manage all the access token through the console page, e.g., invalidating a token

My understanding is I can use auth0 standard flow to support the registration/login of users in step1.

But how shall I support the generation and management of user access tokens? My understanding is that I need to call some Auth0 management API from the backend side. But what particular APIs and flows should I look for?

Any suggestion is appreciated. Thanks!

dan.woda · August 30, 2021, 9:09pm

Hi @dayeye2006,

Welcome to the Auth0 Community!

Auth0 doesn’t have a feature analogous to GitHub’s revocable personal access tokens or API Keys.

system · October 13, 2021, 6:42pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to generate tokens for API users? Help api , tokens , api-authorization	11	13032	August 27, 2019
How to protect my API and give access to consumers through token? Help jwt , auth0 , api	2	4761	July 30, 2019
How to secure an API with Auth0 Help access-token	5	10544	February 10, 2019
How can a user access an API? Help jwt , api , auth0-users , users , api-authorization	4	5958	March 2, 2018
Generating per-user API keys for services Help apis , application	2	2437	March 8, 2023

How do I guard my API products via Auth0 - like the Github PAT (personal access token)

Related Topics