Getting Started with the Auth0 API

Learn what services Auth0 provides and the sign-up process to start using Auth0 APIs.

Auth0 integrates user authentication and management services into our application efficiently and effectively. With the help of Auth0, we can outsource login, authorization, and logout logic, control user management, extend customizations, and enable attack protection.

Auth0 offers two types of APIs, the authentication API and the management API. Front-end and less trusted applications use the authentication API, which offers limited functionality. In comparison, the back-end server uses the management API to perform administrative tasks. We can perform management tasks using the Auth0 dashboard or management API.

The illustration below shows some of the important functionalities we'll see in this course.

An overview of the Auth0 API endpoints

Signing up

Let's create an account and set up an environment for Auth0 APIs.

  • Visit the Auth0 sign-up page, enter the email address you want to register with on the Auth0 platform, and click the “Continue” button.

  • Choose your password and click the “Continue” button.

  • Select the “Yes, Coding” option as the “Role” and click “Next.”

Congratulations! The sign-up process is complete, and you'll be redirected to the dashboard.

Getting an access token

We’ve seen how to set up our account with Auth0, but we still need an access token. For this purpose, let’s see the “APIs” section in the menu.

  • Click “APIs” under the “Applications” section from the menu bar on the left. You'll see an “Auth0 Management API.” This API was created automatically, but we must authorize an application/client with it to consume it.

  • Click the name of the API, and it’ll take you to its settings page.

  • Copy the “Identifier” value and paste it into the “API_IDENTIFIER” field of the upcoming widget.

  • After that, click the “API Explorer” tab from the API's menu and click the “Create & Authorize Test Application” button.

  • Now you can copy the “Token” value from the application page and paste it in the “ACCESS_TOKEN” field in the code widget, which is present at the end of this lesson.

Note: Access tokens issued by Auth0 have an expiration time that is set by the application. By default, the expiration time is set to 24 hours. Once the access token has expired, the application must obtain a new one by visiting the “API Explorer” tab to continue accessing protected resources.

This process is depicted in the slides below:

We’ve created an access token.
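The expiry note above can be checked locally before a token is pasted into a widget or sent to the API. The following is an added example, not code from the original lesson or from Auth0; it assumes the access token is a JWT whose `exp` claim is a Unix timestamp and whose `aud` claim carries the API “Identifier”, and the function names and sample values are constructed for illustration.

```javascript
// Added example, not Auth0 code: pre-flight check of a JWT access token.
// Decoding is NOT signature verification; the API that receives the token does that.
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Returns { usable, reason, secondsLeft }; never logs or returns the token itself.
function checkAccessToken(token, apiIdentifier, nowSeconds, minSecondsLeft = 60) {
  const fail = (reason, secondsLeft = 0) => ({ usable: false, reason, secondsLeft });
  const parts = String(token).trim().split(".");
  if (parts.length !== 3) return fail("not a JWT");
  let claims;
  try {
    claims = decodeSegment(parts[1]);
  } catch (err) {
    return fail("payload not decodable");
  }
  if (!claims || typeof claims.exp !== "number") return fail("missing exp claim");
  const secondsLeft = claims.exp - nowSeconds;
  // "aud" may be a single string or an array of strings.
  const audiences = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!audiences.includes(apiIdentifier)) return fail("audience mismatch", secondsLeft);
  if (secondsLeft < minSecondsLeft) return fail("expired or about to expire", secondsLeft);
  return { usable: true, reason: "ok", secondsLeft };
}

// Builds a constructed, unsigned sample token so the example runs offline.
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.constructed-signature`;
}

// Constructed sample values (placeholder tenant, fixed clock).
const SAMPLE_API = "https://example-tenant.example.com/api/v2/";
const ISSUED_AT = 1700000000;
const sampleToken = makeSampleToken({ aud: SAMPLE_API, iat: ISSUED_AT, exp: ISSUED_AT + 86400 });

console.log(checkAccessToken(sampleToken, SAMPLE_API, ISSUED_AT + 3600));      // one hour in
console.log(checkAccessToken(sampleToken, SAMPLE_API, ISSUED_AT + 86400 + 1)); // past 24 hours
```

In real use, pass `Math.floor(Date.now() / 1000)` as `nowSeconds` and the copied “Identifier” value as `apiIdentifier`.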

Now, let's explore the application and configure the callback URI so that it can communicate with the API. Keep in mind that the application is also referred to as a client.

Configuring the application settings

Before we proceed to make API calls, we need to have the following information:

  • Domain

  • Client ID

To get these values, follow the steps below.

  • Click the “Applications” button under the “Applications” tab from the left panel.

  • Click “API Explorer Application” to open the application settings.

  • Copy the “Domain” and “Client ID” values and paste them into the widget below.

  • Write the following URL as a callback URL for your application.

  • Write the following URL as a logout URL for your application.

  • Click the “Advanced Settings” drop-down options and then the “Grant Types” tab.

  • Select the “Implicit,” “Authorization Code,” “Client Credentials,” and “Password” options.

  • Click the “Save Changes” button to save the settings.

These steps can be visualized below:

Next, save all the values in the widget below to use in the upcoming lessons.

// Print the saved values; the {{...}} placeholders are filled in from the widget fields.
console.log("Client ID: " + "{{CLIENT_ID}}")
console.log("Access token: " + "{{ACCESS_TOKEN}}")