Service not enabled within domain error

Problem statement

We created a machine-to-machine application and a Resource Server (API) in Auth0 and authorized the M2M app for this API.

When trying to get an Access Token through a client credentials exchange, we get the following error:
Service not enabled within domain: "API_IDENTIFIER"


  • When creating the Resource Server (API) in Auth0, the audience contained a whitespace in front of the identifier. So, when attempting a client credentials exchange without the whitespace in front, the audience was not recognized, causing the “Service not enabled within domain” error.
"body": {
    "name": "API NAME",
    "identifier": "",
    "signing_alg": "RS256"
  • The same could happen if you try to make a client credentials exchange and in the POST to the /oauth/token endpoint, you inadvertently add a whitespace in front of the audience, you will receive the same error.


Since the Resource Server/API identifier is set upon API creation and cannot be modified afterward, we recommend creating a new API with the correct identifier and deleting the previous API.

Alternatively, if the issue was caused by a whitespace in front of the audience during the client credentials exchange, then removing the whitespace in the request should fix the issue.