Should we use a unique Machine to Machine App for Each Customer?

Our application functions sort of like a CRM.

We have a use case where there will be organizations onboarded as customers of our application.

Each organization may have 5-10 users, but we have a need that is not user-specific:

At the organization level (with no user context), our customers’ developers will need to have API access to our application, so that they can POST records into the application, on behalf of the organization.

Meaning if we onboard Acme Inc., they should be able to authenticate via some machine-to-machine authentication method and gain credentials which then allow them to access our API endpoints (to create records via HTTP POST requests).

Is the proper method here to create one machine-to-machine application per organization and enable permissions for the relevant APIs? Then the customer would use the client ID, client secret

And if we want to onboard customers programmatically instead of manually creating machine-to-machine applications, should we be using the Auth0 Management API's "create client" endpoint and set the app_type to 'non_interactive'?

Hi @admin45

You must have different apps PER CUSTOMER. Otherwise a customer could create records for a different customer.

John

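Added example (not code from this thread or from Auth0) covering both posts above: the two Management API requests the question asks about (one non_interactive client per organization plus a client grant limited to the API) and the server-side check behind John's answer, mapping each client-credentials token back to the organization that owns the calling client so a record can only land in the caller's own tenant. The API identifier, scope name, client ids and token claims are constructed placeholders, and signature, expiry and issuer validation of the token is assumed to have been done already by a JWT library.

```python
# Added example, not from the original thread. The API identifier, scope name
# and client ids are constructed placeholders.
API_AUDIENCE = "https://api.example-crm.test"   # Auth0 API identifier (constructed)
RECORD_SCOPE = "create:records"                 # scope granted to each org's M2M app

def create_client_request(org_slug: str) -> tuple:
    """Management API call creating one dedicated M2M application for an org.
    app_type 'non_interactive' is what the dashboard calls a Machine to Machine app."""
    return ("POST", "/api/v2/clients",
            {"name": f"{org_slug}-m2m", "app_type": "non_interactive"})

def client_grant_request(client_id: str) -> tuple:
    """Management API call authorizing that client for our API only, with just
    the record-creation scope (least privilege per customer)."""
    return ("POST", "/api/v2/client-grants",
            {"client_id": client_id, "audience": API_AUDIENCE, "scope": [RECORD_SCOPE]})

# Filled in at onboarding from the create-client response: one client per org.
CLIENT_TO_ORG = {"acmeClientId000": "acme", "globexClientId000": "globex"}  # constructed

def org_for_token(claims: dict):
    """Map an already-validated (signature, exp, issuer) client-credentials
    access token to the organization that owns the calling client.
    Auth0 puts the client id in `azp` and `<client_id>@clients` in `sub`."""
    aud = claims.get("aud")
    auds = [aud] if isinstance(aud, str) else list(aud or [])
    if API_AUDIENCE not in auds or claims.get("gty") != "client-credentials":
        return None
    client_id = claims.get("azp") or claims.get("sub", "").removesuffix("@clients")
    return CLIENT_TO_ORG.get(client_id)

def authorize_post(claims: dict, record: dict):
    """Return the record stamped with the caller's org, or None to reject.
    The org comes from the token, never from the request body; a body that
    names a different org is refused outright so cross-tenant writes fail closed."""
    org = org_for_token(claims)
    if org is None or RECORD_SCOPE not in claims.get("scope", "").split():
        return None
    if record.get("organization") not in (None, org):
        return None
    return {**record, "organization": org}
```

A rejected POST (None) is worth logging with the token's `azp`, since a client naming another organization is exactly the cross-customer write John warns about.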