I have been asked to look into the possibility of securing Machine to Machine APIs using a JWT token, using the Auth0 stack (see https://auth0.com/docs/flows/concepts/client-credentials).
Our configuration requirements are:
- API hosted with Azure API Management
- Simple GET request returning JSON for a given identifier
- Client API calls host API 10000s of times a day, so needs to be very responsive
- No human interaction
- Limited client technical knowledge
- No ability to renew JWT token as no UI
Is the above possible, and more importantly performant?
If not, what would be a better approach to secure the API (API Keys, Certificates, White Listing etc…)?