Should I have two separate apps for SPA and its API

We have a single-page app with an API (the standard stuff).

On the frontend we are using it for authentication only.
On the backend, mainly token validation and some management API (like password update).

Until now we had two separate apps, one for the app and another for API.

Is it the correct approach? Is it even worth having two separate apps? Is the usage quota calculated differently in these cases?
For example, in the case that an M2M app is used for authentication and management, are both of these counted towards an API call?

Just not sure what the best practice is here.


Hi @shurika

Normally you would have one App (also known as a Client in your Auth0 tenant) and one API.

Your SPA will get an access token for that API, and pass it when calling the API.


@john.gateley And how are the API calls from M2M counted in that case?

Hi @shurika

If your back end is getting an M2M token to call the management API, that is counted towards the M2M quota. When your front end calls the backend with an access token received from authorization, that is not an M2M token and is not counted.
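
An added example, not part of the thread and not Auth0's code: a sketch of the backend token validation discussed above, which accepts only tokens issued for this API and tells a user access token from an M2M one. Assumptions: the issuer, audience and secret are constructed placeholders, HS256 with a shared secret is used only so the sample runs offline, and the M2M token is assumed to carry a `gty` claim of `client-credentials`.

```python
import base64, hashlib, hmac, json, time

ISSUER = "https://tenant.example/"    # constructed placeholder issuer
AUDIENCE = "https://api.example/"     # constructed identifier of *this* API
SECRET = b"constructed-demo-secret"   # HS256 only so the demo runs offline

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_token(claims, secret=SECRET):
    """Build a constructed sample token (stands in for the authorization server)."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def validate(token, now=None):
    """Return (claims, kind) with kind 'user' or 'm2m'; raise ValueError otherwise."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header = json.loads(_b64d(head))
        claims = json.loads(_b64d(body))
        given = _b64d(sig)
        if not isinstance(header, dict) or not isinstance(claims, dict):
            raise TypeError("header and payload must be JSON objects")
    except Exception:
        raise ValueError("malformed token") from None
    if header.get("alg") != "HS256":  # pin the algorithm, do not trust the header
        raise ValueError("unexpected alg")
    want = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, given):
        raise ValueError("bad signature")
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")  # e.g. a token minted for another API
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("expired")
    # Assumed marker for client-credentials (M2M) tokens; anything else is a user token.
    kind = "m2m" if claims.get("gty") == "client-credentials" else "user"
    return claims, kind
```

The audience check is what keeps a token issued for a different API, such as an M2M token for the management API, from being accepted by your own backend.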