I have a front-end SPA and a separate back-end API.
My Auth0 setup is I have a SPA application and an API created.
What I don’t get is why creating an API automatically creates a second application, this time of type machine-to-machine?
So far as I can tell, I don’t need this; the Auth0 client key I’m using in my app, to resolve the JWT and make calls to the Auth0 API, relates to the SPA application, not the machine-to-machine application that was auto-created.
So what’s it for, and is it safe to remove it?