I have a hard time figuring out the purpose of APIs (that are created in Auth0 dashboard).
What do I need the APIs for? How the APIs are different from Applications? How to use it?
I have a hard time figuring out the purpose of APIs (that are created in Auth0 dashboard).
What do I need the APIs for? How the APIs are different from Applications? How to use it?
Hi there @rdruzhkov and welcome to the community!
The primary difference between the two is that an “API” as defined in Auth0 will logically represent your backend/API via the API Identifier
also known as the audience
whereas the Application as defined in Auth0 will provide the client_id
, secret
, etc. you’ll use to configure a client.
The following docs provide some more context on this relationship for example:
Hope this helps to clarify!
Hi @tyf , thank you for the response!
So the main goal of having an API is to create audience
value that will allow to the backend/API to understand if the id_token
, access_token
etc are intended to be used by the backend/API. Am I right?
If I’m right then why can’t we use application client_id
as audience
? I know that my backend/API is going to be used by the application. So it seems to me that on the backend/API side I can validate audience
by checking if it’s equal to application client_id
, since my application is allowed to interact with backend/API.
Hey there @rdruzhkov! I apologize for the delayed response on this one, but wanted to get back to you nonetheless.
That is exactly right.
You might be able to use the client_id
as the audience as it’s just an identifier although I cannot confirm there won’t be any issues with this approach and don’t recommend
Thank you for the provided information!
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.