
Call Your APIs on the User's Behalf

Once Auth0 is set up for User Authentication, you can enable your AI applications and AI agents to securely call your own APIs (first-party APIs) on behalf of authenticated users. This lets an AI agent read user-specific data or perform actions for the user, limited to the scopes the user has explicitly consented to.

Delegated authorization

The process relies on delegated authorization: the user grants your AI application or AI agent permission to access protected resources without handing it their credentials. This is achieved through access tokens. After a user authenticates, Auth0 issues an access token to your AI application; the token represents the user's consent and carries the scopes that were granted, and it is what the application presents to your API instead of the user's credentials.

API on Auth0

In Auth0, an API is an entity that represents a protected resource: a service that accepts and responds to protected resource requests made by applications. Such APIs are configured to accept and validate access tokens. To protect your API, you must register it as an API in the Auth0 Dashboard.

How it works for AI apps and agents

  1. User authentication: A user logs into your AI application or agent interface (e.g., via Universal Login).
  2. Access token issuance: Upon successful authentication, Auth0 issues an access token to your application, scoped to the API that was requested as the audience.
  3. AI agent makes a tool call: When the AI agent needs to access user-specific data or perform an action, it makes a tool call to an API endpoint.
  4. Token forwarding: The access token obtained in step 2 is included in the API request (typically as a bearer token in the Authorization header).
  5. API validation & response: The API validates the access token (signature, issuer, audience, expiry, and the scopes the endpoint requires). If the token is valid, the API processes the request on behalf of the user identified by the token and returns the response to the AI agent.
  6. AI agent receives and processes the information: The AI agent then uses this response to fulfill the user's request.
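The six steps above, end to end, as an added example that is not Auth0's own code or SDK. It assumes an issuer URL (`ISSUER`), an API identifier (`AUDIENCE`) and a shared secret that are all constructed for the demo; to keep it offline, `mint_access_token` stands in for Auth0's token issuance and signs with HS256, whereas a real Auth0 tenant signs with RS256 and your API would fetch the public keys from the tenant's JWKS endpoint. The tool call and the API handler are plain functions rather than an HTTP round trip, but the Authorization header, the validation order and the failure codes are the ones a real endpoint would use.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo values (assumptions, not real tenant settings). A deployment uses the
# Auth0 tenant's issuer URL, the API identifier registered in the Dashboard, and RS256 keys
# from the tenant's JWKS; HS256 with a shared secret keeps this example self-contained.
ISSUER = "https://example-tenant.auth0.com/"
AUDIENCE = "https://api.example.com"
SECRET = b"demo-shared-secret-do-not-use"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_access_token(sub: str, scope: str, now: int, ttl: int = 3600, aud: str = AUDIENCE) -> str:
    """Stand-in for step 2 (Auth0 issuing a token after login). Constructed for the demo."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"iss": ISSUER, "sub": sub, "aud": aud, "iat": now, "exp": now + ttl, "scope": scope}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + _b64url(json.dumps(payload, separators=(",", ":")).encode()))
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


class TokenError(Exception):
    pass


def validate_access_token(token: str, now: int) -> dict:
    """Step 5: the checks the API performs before trusting any claim in the token."""
    try:
        h64, p64, s64 = token.split(".")
    except ValueError:
        raise TokenError("malformed token")
    header = json.loads(_b64url_decode(h64))
    # Pin the algorithm server-side; never let the token choose (rejects alg=none and key confusion).
    if header.get("alg") != "HS256":
        raise TokenError("unexpected alg")
    expected = hmac.new(SECRET, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s64)):
        raise TokenError("bad signature")
    claims = json.loads(_b64url_decode(p64))
    if claims.get("iss") != ISSUER:
        raise TokenError("wrong issuer")
    aud = claims.get("aud")
    if AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise TokenError("wrong audience")  # a token minted for another API is not valid here
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise TokenError("expired")
    return claims


def api_handler(headers: dict, required_scope: str, now: int) -> dict:
    """The protected first-party endpoint: reads the bearer token from the Authorization header."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        return {"status": 401, "error": "missing bearer token"}
    try:
        claims = validate_access_token(token, now)
    except TokenError as e:
        return {"status": 401, "error": str(e)}
    # Scope check: the token must carry the permission this endpoint needs.
    if required_scope not in claims.get("scope", "").split():
        return {"status": 403, "error": "insufficient scope"}
    # Act for the user identified by `sub`, never for a user named in the request body.
    return {"status": 200, "user": claims["sub"], "data": f"orders for {claims['sub']}"}


def agent_tool_call(access_token: str, now: int) -> dict:
    """Steps 3-4: the agent's tool forwards the user's token as a bearer token."""
    request_headers = {"Authorization": f"Bearer {access_token}"}
    return api_handler(request_headers, required_scope="read:orders", now=now)


if __name__ == "__main__":
    t0 = int(time.time())
    tok = mint_access_token("auth0|user123", "openid read:orders", t0)
    print(agent_tool_call(tok, t0))
```

Two points worth carrying into a real implementation: the audience check is what stops a token issued for a different API from being replayed against yours, and the agent only forwards the token it was given, so the model never sees or chooses credentials, only the tool does.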

Get started

To begin using Auth0 for calling your APIs in your GenAI applications, refer to the following resources:

Learn more