Hi everyone,
I’m building a customer API where merchants can create orders, transactions, etc.
I would like each customer to be able to submit requests to my backend, but I’m able to convey certain metadata to my backend, in particular, the customer ID on my end so that all requests are created/retrieved for that specific merchant.
You can add properties to an ID token for a user via Auth0 Actions: Auth0 Actions. During the login flow, you can validate the properties on the ID token.
Alternatively, if your customers are requesting an access token to then hit your API, you could add scopes (permissions) with required metadata to the token to verify the correct merchant: Scopes.
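An added example, not part of the original posts, of the custom-claim approach described in the answer above: a post-login Action copies the merchant ID into the tokens, and the backend takes the merchant from the verified token rather than from anything the client sends. The claim namespace `https://api.example.com/merchant_id`, the `app_metadata.merchant_id` field, the order shape and the backend helper names are assumptions.

```javascript
// Assumed names: CLAIM namespace, app_metadata.merchant_id, order.merchantId.
const CLAIM = 'https://api.example.com/merchant_id';

// Part 1: Auth0 post-login Action (runs inside Auth0 at login).
async function onExecutePostLogin(event, api) {
  // Read from app_metadata, which end users cannot edit, not user_metadata.
  const merchantId = (event.user.app_metadata || {}).merchant_id;
  if (typeof merchantId !== 'string' || merchantId === '') {
    api.access.deny('No merchant is linked to this account');
    return;
  }
  // Custom claims are namespaced so they do not collide with standard claims.
  api.idToken.setCustomClaim(CLAIM, merchantId);
  api.accessToken.setCustomClaim(CLAIM, merchantId);
}
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;

// Part 2: backend helpers. `claims` is the payload of an access token whose
// signature, issuer, audience and expiry were already checked by JWT middleware.
function merchantIdFromClaims(claims) {
  const id = claims && claims[CLAIM];
  if (typeof id !== 'string' || id === '') {
    throw new Error('token carries no merchant claim');
  }
  return id;
}

// Create: the owner always comes from the token; a merchantId in the request
// body is ignored, so one merchant cannot write into another's account.
function buildOrder(claims, body) {
  return {
    amount: body.amount,
    currency: body.currency,
    merchantId: merchantIdFromClaims(claims),
  };
}

// Retrieve: results are filtered by the token's merchant, never by a query parameter.
function ordersVisibleTo(claims, orders) {
  const id = merchantIdFromClaims(claims);
  return orders.filter((o) => o.merchantId === id);
}
```
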