I’m fairly new to Auth0 and I’m trying to understand how to use it in my case.
I’m running a pay-per-use REST API service. To use it, users first have to open an account on my website (SPA), navigate to the profile page and get the API key. The API key is then inserted in each call they make to the REST API service.
The login on the website is done through the Auth0 Universal Login page.
Now I would like to replace the custom API key management with one of the Auth0 flows (I guess I have to use the client credential grant, right?)
But, how to do that? How do I get a client id and a client secret for each of my users? Should I create one third party application for each of them?
At the moment some actions on the website are performed with an access token provided from the Auth0 API that I called /website. Should I create another Auth0 API that issues tokens to be used only with my REST API service (keeping the website and the REST API service separate)?