What is the difference between Applications and APIs? What do we use APIs for?

I have a hard time figuring out the purpose of APIs (that are created in the Auth0 dashboard).

What do I need the APIs for? How are the APIs different from Applications? How do I use them?

Hi there @rdruzhkov and welcome to the community!

The primary difference between the two is that an “API” as defined in Auth0 will logically represent your backend/API via the API Identifier, also known as the audience, whereas the Application as defined in Auth0 will provide the client_id, secret, etc. you’ll use to configure a client.

The following docs provide some more context on this relationship for example:

Hope this helps to clarify!

Hi @tyf , thank you for the response!

So the main goal of having an API is to create an audience value that will allow the backend/API to understand if the id_token, access_token, etc. are intended to be used by the backend/API. Am I right?

If I’m right, then why can’t we use the application client_id as the audience? I know that my backend/API is going to be used by the application. So it seems to me that on the backend/API side I can validate the audience by checking if it’s equal to the application client_id, since my application is allowed to interact with the backend/API.

Hey there @rdruzhkov! I apologize for the delayed response on this one, but wanted to get back to you nonetheless.

That is exactly right.

You might be able to use the client_id as the audience as it’s just an identifier, although I cannot confirm there won’t be any issues with this approach and don’t recommend it.

Thank you for the provided information!

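The audience check discussed in this thread, as an added example that is not part of any post above and not Auth0's own code: a backend accepts a token only when its `aud` claim contains the API Identifier. The tenant URL, API identifier, client_id and the HS256 shared secret are constructed so the example runs offline with the standard library; a real API would verify tokens against the tenant's signing keys with a maintained JWT library.

```python
import base64, hashlib, hmac, json, time

# Constructed values for illustration only (not taken from the thread).
SECRET = b"constructed-demo-secret"
ISSUER = "https://tenant.example/"
API_IDENTIFIER = "https://api.example/orders"  # the "API" (audience) entry
CLIENT_ID = "constructedClientId123"           # the "Application" client_id

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims: dict) -> str:
    """Issuer side of the demo: sign constructed claims as an HS256 JWT."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def validate_for_api(token: str, expected_aud: str = API_IDENTIFIER) -> dict:
    """Backend side: check signature, issuer and expiry, then the audience."""
    head, body, sig = token.split(".")
    if json.loads(_unb64(head)).get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    good = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(good, _unb64(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if claims.get("iss") != ISSUER or claims.get("exp", 0) <= time.time():
        raise ValueError("wrong issuer or expired")
    aud = claims.get("aud")
    # "aud" may be a single string or an array of strings (RFC 7519).
    audiences = [aud] if isinstance(aud, str) else list(aud or [])
    if expected_aud not in audiences:
        raise ValueError(f"token not intended for this API: aud={aud!r}")
    return claims

def demo_tokens() -> dict:
    """Three constructed tokens from the same issuer with different audiences."""
    base = {"iss": ISSUER, "sub": "user|1", "exp": int(time.time()) + 300}
    return {
        "access_token": make_token({**base, "aud": [API_IDENTIFIER, ISSUER + "userinfo"]}),
        "id_token": make_token({**base, "aud": CLIENT_ID}),
        "other_api": make_token({**base, "aud": "https://api.example/billing"}),
    }
```

Calling `validate_for_api(token, expected_aud=CLIENT_ID)` makes the ID token pass, because under OpenID Connect an ID token's `aud` is the client_id; the audience check alone would then no longer separate ID tokens from access tokens meant for the API.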