I am calling a back end API to populate the claims during the login, that will be added in the Auth0 access token.
Are there any standard ways to protect my back end API? (Certificate, Client credentials, IP protection etc.) - can’t see any documentation on this aspect - especially the configuration/script to be done in Auth0 tenant or the rule.
I do not prefer to leave the claims end point open.
Appreciate any inputs on this.