How do I guard my API products via Auth0 - like the Github PAT (personal access token)


We make API products to serve our customers.
I am looking at the following user journey:

  1. A user can register on my website to use the API
  2. A user can generate an access token through a console page
  3. A user can attach that token in the header during the HTTP call to an API endpoint
  4. The API endpoint can identify the user and authorize her upon receiving the token
  5. A user can manage all the access token through the console page, e.g., invalidating a token

My understanding is I can use auth0 standard flow to support the registration/login of users in step1.

But how shall I support the generation and management of user access tokens? My understanding is that I need to call some Auth0 management API from the backend side. But what particular APIs and flows should I look for?

Any suggestion is appreciated. Thanks!

Hi @dayeye2006,

Welcome to the Auth0 Community!

Auth0 doesn’t have a feature analogous to GitHub’s revocable personal access tokens or API Keys.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.