How to enable programmatic access to an API?

eduard.badillo · December 18, 2023, 10:51am

I’m looking for a way to enable users of my application to access the API I provide programmatically.
I have an SPA that authenticates users with Auth0, and an API Gateway (krakend) that takes care of authd/authz.

Now, I’d like to know how to do a flow like an API key/Access tokens with Auth0. Ideally they request a token that last for a certain amount of time and that token is used to make calls to the API.

I’ve looked into creating M2M applications for each user, but doesn’t seem to be the way. Also the quota limit is not suited for this approach.
What other approaches could work for this?

Thanks

tyf · December 18, 2023, 10:22pm

Hey there @eduard.badillo welcome to the community!

Unfortunately Auth0 does not support API Keys per se, and using a client credential exchange is the best way to go about what you are looking for:

eduard.badillo · December 19, 2023, 8:56am

Hi @tyf,
Thank you for the welcome!

The following looks like what I’m looking for:

using a client credential exchange is the best way to go about what you are looking for

However, I have a few other questions with this approach:

Looks like I’d need to create one application per user. How would this affect the application quota?
Should I mark the applications as 3rd party? Do 3rd party applications count towards the application quota?

Thank you for your help!

system · January 2, 2024, 8:57am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.