I need some advice on the correct approach to do a common task. My apologies if this has been asked in the past but things seem to move pretty fast in the world of Auth0! so I want to make sure I’ve got the latest/more appropriate approach.
We have a SAAS product for analysing chatbot data (built in React/GraphQL). This is an SPA with Custom API all secured by Auth0 and works fine.
Users login to the portal and can view the chat data for each chatbot they have added.
We harvest the data via a REST API which our clients POST transcripts to. It’s this REST API which we also need to secure with Auth0 and where I need clarification.
I want to allow our users to be able to create an API key and SECRET in our portal which they can then send in requests to log data to our secured REST API. The most preferable is that the users just create their own key by clicking on a button or whatever and then we can allow them to recreate if needed. Similar to Heroku’s API key creation.
So, I’m presuming this is a machine to machine login for each user on our portal, each user will have their own key/secret and use these to log their data.
What would be the best approach to achieve this?
Thanks in advance