I offer service as an API. Do I have to create an application for each user?

,

Hey there,

I’m just starting to use Auth0 and I am stuck on how this would work.

We offer services that are 100% an API. We don’t have any kind of front-end services, not even a login screen. After someone signs up, we would create credentials they could call our API (usually in a BI or their own services)

If I understood correctly, I would have to create a single Application for each customer. Is my understanding right?

Hi @fnfilho

If there is no UI at all, it sounds like you would be using client credentials for clients to access your API, and then yes, you would need one application per customer.

If you shared applications between multiple customers, then disabling one customer would disable all customers that shared that application.

John

1 Like

Thanks John!

A follow-up question please, how can I make authorization on my end this way?

On the examples seen here https://auth0.com/docs/quickstart/backend/nodejs, I can check scopes before allowing call to an endpoint, but I can’t restrict access to application-only data (let’s say, an application could create records, but only see the records it created).

Should I add custom fields to an application in Auth0 with my internal ID? How can I add this information to the access token?

Thanks!

Hi @fnfilho

I think what you are looking for is the client credentials hook. This is a hook that runs when the client credentials hook is executed.

Using this hook you can add custom claims to the access token.

John

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.