Rails API Authorization with Auth0 and Webhooks

We are working on a POC to authorize 1st party and 3rd party APIs using Auth0. Our implementation, following the documentation here: Rails API Authorization By Example, requires making a request to the authorization server with client_id, client_secret and audience_id, receiving a JWT token back and using that token to make a request to our protected service API.

The above approach works, but we have one other use case that is not represented:
We have a couple of external services that use webhooks to call APIs in our service (EasyPost is one of them, for example; it triggers a webhook that makes an API call to a tracking API on our system to update the tracking info). Based on their webhook configuration, they only allow basic authentication or HMAC validation: API Docs - EasyPost. For this use case, we were thinking of using Auth0 Actions (previously Rules) to make a call to the authorization server from the webhook interface and, based on the audience ID, have an Action that will make the call to the internal API after the authorization is successful with the JWT token returned. Is this the proper approach to handle this use case, or is there a better option?

Hi @galsaatva,

Welcome to the Auth0 Community!

Yes, using Actions to conditionally make a call based on the audience ID to your internal API is valid and recommended.

For this case, you will need to use the Machine to Machine Flow in Actions.

As a reference, you could refer to this FAQ for an example of making an Axios API request in an Action.

Please let me know if you have any questions.

Thanks,
Rueben
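
The question mentions that the webhook senders only support basic authentication or HMAC validation. As an added example (not part of either post, and not EasyPost or Auth0 code), here is how a Ruby receiver can validate an HMAC-signed webhook body before any token exchange or internal API call happens. The header format, function names, secret and payload are assumptions constructed for illustration.

```ruby
require "openssl"

# Hypothetical scheme (assumption): the sender puts "hmac-sha256-hex=<hex digest>"
# in a signature header, computed over the raw request body with a shared secret.
SIGNATURE_PREFIX = "hmac-sha256-hex="

# Constant-time comparison so the check does not leak how many leading
# characters of the digest matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Returns true only if header_value carries a valid HMAC-SHA256 of raw_body
# under one of the secrets (a list allows rotating the secret without downtime).
def valid_webhook_signature?(raw_body, header_value, secrets)
  return false unless header_value.is_a?(String) && header_value.start_with?(SIGNATURE_PREFIX)
  supplied = header_value.delete_prefix(SIGNATURE_PREFIX).downcase
  # Reject anything that is not exactly a hex-encoded SHA-256 digest.
  return false unless supplied.match?(/\A[0-9a-f]{64}\z/)
  # Check every secret (no early exit) so timing does not reveal which one matched.
  results = secrets.map do |secret|
    expected = OpenSSL::HMAC.hexdigest("SHA256", secret, raw_body)
    secure_equal?(expected, supplied)
  end
  results.any?
end

# Constructed sample data, not a real payload or secret.
SAMPLE_SECRET = "constructed-webhook-secret"
SAMPLE_BODY   = '{"event":"tracking.updated","status":"in_transit"}'
SAMPLE_HEADER = SIGNATURE_PREFIX + OpenSSL::HMAC.hexdigest("SHA256", SAMPLE_SECRET, SAMPLE_BODY)

if __FILE__ == $PROGRAM_NAME
  puts valid_webhook_signature?(SAMPLE_BODY, SAMPLE_HEADER, [SAMPLE_SECRET])
  puts valid_webhook_signature?(SAMPLE_BODY + " ", SAMPLE_HEADER, [SAMPLE_SECRET])
end
```

The digest must be computed over the raw request bytes as received; re-serializing parsed JSON before hashing will usually change the bytes and fail the check.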
