Protect APIs using OAuth 2 client credentials grant

I tried the example in Express.js API authorization and it is exactly what I am looking for.

Cool; glad to hear it worked for you @tjhoo :sunglasses:

So from here, I should add a machine-to-machine application for each of the external applications that want to call my API?

I’m going to start by referring to my reply to your other post: i.e. M2M tokens and active users calculation? - #2 by peter.fernandez. If you can share a little more about what services your API provides, it may be helpful in determining the particular authentication workflow you require in order to obtain an Access Token.

If you are indeed looking for machine-to-machine level authentication, then yes, you should create a machine-to-machine application for each of the external applications in Auth0 and then they will use their respective Client ID and Client Secret in order to get an Access Token for use when calling your API.

Hope this helps :sunglasses:
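The per-application setup described in the reply above, as an added example that is not part of the original thread or Auth0's own code: the token request each external application sends with its own Client ID and Client Secret, and an API-side check that tells the callers apart once the token has been validated. The domain, client IDs, audience, scopes and the `CALLERS` registry are constructed for illustration; `gty`, `azp` and `sub` are the claims Auth0 places in client-credentials access tokens.

```javascript
// Added example: every domain, client ID, audience and scope here is constructed.

// Client side: the token request one external application sends to Auth0.
function buildTokenRequest({ domain, clientId, clientSecret, audience }) {
  return {
    url: `https://${domain}/oauth/token`,
    options: {
      method: 'POST',
      headers: { 'content-type': 'application/json' },
      body: JSON.stringify({
        grant_type: 'client_credentials',
        client_id: clientId,
        client_secret: clientSecret,
        audience,
      }),
    },
  };
}

// API side: hypothetical registry of M2M client IDs and the scopes accepted from each.
const CALLERS = new Map([
  ['constructedClientIdBilling', { name: 'billing-service', scopes: ['read:invoices'] }],
  ['constructedClientIdReports', { name: 'reporting-service', scopes: ['read:invoices', 'read:reports'] }],
]);

// Expects the claims of an access token whose signature, issuer, audience and
// expiry have ALREADY been verified by the API's JWT validation middleware.
function authorizeCaller(claims, requiredScope, callers = CALLERS) {
  if (claims.gty !== 'client-credentials') {
    return { ok: false, reason: 'not a machine-to-machine token' };
  }
  const caller = callers.get(claims.azp);
  if (!caller || claims.sub !== `${claims.azp}@clients`) {
    return { ok: false, reason: 'unknown client' };
  }
  // The scope must be both present in the token and allowed for this caller.
  const granted = (claims.scope || '').split(' ').filter(Boolean);
  if (!granted.includes(requiredScope) || !caller.scopes.includes(requiredScope)) {
    return { ok: false, reason: 'missing scope' };
  }
  return { ok: true, caller: caller.name };
}
```

Because each external application has its own client, one caller's secret can be rotated or its application removed without affecting the others.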