Hi @trondhindenes ,
The use case you describe seems to be subject to M2M authorization.
A machine2machine application requests a bearer token intended for the API and your clients can access its resources by just sending a request with the Authorization header and a received Bearer token.
Maximum value for Token Expiration is 2,592,000 seconds (30 days).
There are monthly reports of the subscription usage - Monitor Subscription Usage
The pricing page shows the monthly limits (please uncover the “Compare plans” tab) - Pricing - Auth0
One known challenge with this approach is that currently there’s no built-in mechanism to control how often your customers request a new access token for the API. There is a product feature request and you are welcome to upvote. It’s here: Add rate limiting and cache for m2m token authentication endpoints
There’s also a guidance developed by our developers to help with that (it’s downloadable and can be found in this post) - Limit Client requests on Machine to Machine flow - #2 by peter.fernandez
Hope this helps and feel free to reach out with questions!