I have enterprise customers that would like to access my API programmatically. It appears the way to do this is using the Client Credentials flow:
- Create a new M2M Application for each enterprise customer.
- Give the customer the client id and secret
- The customer will exchange the client id and secret for an access token using the M2M Application
- The customer will send requests to my API with that access token
- When the access token expires, the customer will exchange their client id and secret for a new access token
My concern is that the Auth0 subscription plan only allows for a limited number of access tokens per month. How can I prevent an enterprise customer from fetching a new access token for every request, or even fetching new access tokens prematurely, and burning through the M2M token amount provided with my subscription? Thank you.
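
The customer side of the flow listed above, as an added example that is not part of the original post: a token source that reuses one access token until shortly before its `expires_in` lifetime ends, compared with requesting a token per API call. `CachedTokenSource`, `simulate` and the fake token endpoint are hypothetical names, and the 24-hour token lifetime and request rate are assumed values.

```python
import threading
import time


class CachedTokenSource:
    """Client-side cache for a client-credentials access token."""

    def __init__(self, fetch_token, skew_seconds=60, clock=time.monotonic):
        self._fetch_token = fetch_token   # callable returning the token response dict
        self._skew = skew_seconds         # renew this many seconds before expiry
        self._clock = clock
        self._lock = threading.Lock()     # only one renewal at a time across threads
        self._token = None
        self._expires_at = 0.0
        self.fetch_count = 0              # token requests actually sent

    def get(self):
        with self._lock:
            if self._token is None or self._clock() >= self._expires_at - self._skew:
                resp = self._fetch_token()
                self.fetch_count += 1
                self._token = resp["access_token"]
                self._expires_at = self._clock() + float(resp["expires_in"])
            return self._token


class FakeClock:
    """Manually advanced clock so the simulation runs instantly and offline."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


def simulate(requests_per_hour=100, hours=48, token_lifetime=86400):
    """Return (token requests with no cache, token requests with the cache)."""
    clock = FakeClock()
    source = CachedTokenSource(
        # Constructed stand-in for the client-credentials POST to the token endpoint.
        lambda: {"access_token": "constructed-token", "token_type": "Bearer",
                 "expires_in": token_lifetime},
        clock=clock,
    )
    api_calls = 0
    for _ in range(hours):
        for _ in range(requests_per_hour):
            source.get()          # token attached to each API request
            api_calls += 1
        clock.now += 3600
    return api_calls, source.fetch_count   # no cache means one token per API call
```

With the assumed values, two days of traffic costs 4800 token requests without a cache and 2 with it.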