Secure way to authenticate auth0 custom database get user request on server side for lazy migration?

vprasanna · August 11, 2022, 7:51am

Now we are really concerned about securing our custom API what will provide user details for Get User request.
We have a API which returns user details and we want to use that in custom getUser database script.
We wanted to understand auth0 recommended approach to protect that endpoint.

One way is to, create auth0 specific private client in custom auth and use that access token
Another is to use basic auth

john.gateley · August 11, 2022, 2:01pm

Hi @vprasanna

There are a couple of approaches.

You can use an API key. This would be stored as a secret in the getUser script, and verified by your API.

You can use M2M and get an access token in the getUser script (make sure the access token is cached)

In addition to the above, you can firewall your API - the set of IP addresses is specified on the script page.

John