Hi. I’m new to all this auth20 stuff so please be easy. Dot Net C# ASP.

I expose a bunch of apis. I have “clients” who access these apis.

I have code that

1. has UI implementing Auth0 login. Works great.
2. Secure API. Gets bearer token and validates it. Works great.

How do I tell client “Hey, to use my api now, make this API call with ur username, password - and then pass in token”?.

All I see is two scenarios:

1. User login manually via web app
2. Machine to machine api setup with client id/client secret. No name, no way of knowing which client called me.

How can I setup my clients to get a token and call me so I know who it is?
Also keep logging, diagnostics, azure graphs so I can bill them for usage, etc.

Thanks.

I think we’re just gonna give our clients an apikey. No point in a overhead of an auth0.com call with clientid/client secret, just to get a piece of text, they send an api call. Just send the text we give u. Our azure db is pretty secure.

Auth0 sounds more useful for user logins/storage, etc.