Regulating Access Token use by External APIs

f8DhZh3P · September 16, 2022, 7:09pm

Hi there,

I have enterprise customers that would like to access my API programatically. It appears the way to do this is using the Client Credentials flow:

Create a new M2M Application for each enterprise customer.
Give the customer the client id and secret
The customer will exchange the client id and secret for an access token using the M2M Application
The customer will send requests to my API with that access token
When the access token expires, the customer will exchange their client id and secret for a new access token

My concern is that the Auth0 subscription plan only allows for a limited number of access tokens per month. How can I prevent an enterprise customer from fetching a new access token for every request, or even fetching new access tokens prematurely, and burning through the M2M token amount provided with my subscription? Thank you.

dan.woda · October 1, 2022, 12:50am

Hi @f8DhZh3P,

There is a bit of a gap for this type of use case at the moment. It would be helpful to create a Feature Request so we can gauge interest. Thanks!

system · October 15, 2022, 12:51am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.