Overview
This article discusses how to search for M2M applications that are authorized to use the Management API on a given tenant.
Applies To
- Management API
- Applications
- Reporting
Solution
There are two methods to carry out this analysis:
Approach A: Using the Management API
- Retrieve a list of clients using the Get clients endpoint with this query:
/api/v2/clients?per_page=100&include_totals=true&app_type=non_interactive&page=0
Incrementing the “page” counter to see all matching applications.
- Call the Get client grants endpoint with the below query to find all client grants for the tenant’s Management API audience:
/api/v2/client-grants?per_page=100&page=0&include_totals=true&audience=<YOUR_MANAGEMENT_API_AUDIENCE_HERE>
Again incrementing the page count until all matching client grants are found.
- Once the results have been stored, correlate the results locally to identify the client IDs returned in “GET Client Grants” list that are also in the “GET Clients” results for M2M applications to get the final list of M2M applications authorized for the Management API on the tenant.
Approach B: Using a Deployment Tool to Export the Configuration
An alternative approach would be to perform an export of the tenant’s configuration to a YAML file using the Deploy CLI tool, and then perform the analysis locally. This has the benefit of not requiring the API calls and pagination but will require more filtering on the resultant YAML file:
- Use the Deploy CLI Tool
- The clients would be presented like this in the output file:
And also the client grants would be listed like this:
- Filter this output YAML file to get only the client IDs using the Management API, and then check which of those client IDs are M2M (non_interactive) or vice versa, for example.
The Terraform provider could also be used similarly by following the Auto-generating Terraform config files from Auth0 tenant guide to export the existing tenant configuration.