How to use Auth0 to secure an API

This is my scenario. I have a public website. There are two types of users:

  1. Anonymous – They are exploring the site, haven’t created a login
  2. Signed Users – Have an account and have logged in.

My question is how to handle anonymous users?
I do not want the API to be accessible to the whole world. CORS is also not a good option, as there are many ways around it. Is there anything available within Auth0 that could help me?

What are my options?

Hi @pshah331,

Welcome to the Auth0 community!

What framework are you building on?


Thanks for the response. I have not picked a framework for the front end yet.
I hope to use Netlify for hosting the site statically. AWS Lambda functions written in Node.js will contain the backend logic. The hope is to call them through plain JavaScript using Amazon API Gateway.
I have seen examples of Authorizers being used with API Gateway, but in all instances the user is logged in. I am trying to find out if there is a way to create a default account to identify that a user is not logged in and thus provide limited public details through the API on the Web.