Calling APIs from a Service
The OAuth 2.0 grant that machine-to-machine interfaces use to access an API is the Client Credentials Grant. This document explains how the flow works.
Overview of the flow
With the Client Credentials Grant (defined in RFC 6749, section 4.4), a Machine to Machine Client (a CLI, a daemon, or a Service running on your backend) can ask Auth0 directly for an Access Token, using its client credentials (Client Id and Client Secret) to authenticate. In this case the token represents the client itself rather than an end user.
The application authenticates with Auth0 using its Client Id and Client Secret.
Auth0 validates this information and returns an Access Token.
The application can use the Access Token to call the API on behalf of itself.
How to implement the flow
For details on how to implement this using Auth0, refer to Execute a Client Credentials Grant. Before you do so, you must first set up the Grant, using either the Dashboard or the Management API.
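The three steps of the flow, sketched as an added example (not Auth0's own code): the client builds the token request, checks the response, and keeps the Access Token until shortly before it expires instead of re-sending the Client Secret on every API call. The endpoint URL, the `audience` parameter, and the names `build_token_request`, `http_post` and `ClientCredentialsToken` are assumptions made for this illustration.

```python
import json, time, urllib.parse, urllib.request

def build_token_request(token_url, client_id, client_secret, audience=None):
    """Step 1: token request for RFC 6749 section 4.4 (credentials in the form body)."""
    if not token_url.startswith("https://"):
        raise ValueError("token endpoint must be HTTPS: the Client Secret is in this request")
    form = {"grant_type": "client_credentials",
            "client_id": client_id, "client_secret": client_secret}
    if audience:  # assumption: the target API is named with an 'audience' parameter
        form["audience"] = audience
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return token_url, headers, urllib.parse.urlencode(form).encode()

def http_post(url, headers, body):
    """Default transport; makes a real network call, so offline runs inject a fake."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class ClientCredentialsToken:
    """Holds the Access Token and fetches a new one shortly before expiry."""
    def __init__(self, token_url, client_id, client_secret, audience=None,
                 post=http_post, clock=time.monotonic, skew=30):
        self._req = build_token_request(token_url, client_id, client_secret, audience)
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at = None, 0.0

    def get(self):
        # Step 2: ask for a token only when none is cached or it is about to expire.
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            data = self._post(*self._req)
            if str(data.get("token_type", "")).lower() != "bearer" \
                    or not data.get("access_token"):
                # Report only the error code; never echo the request (it holds the secret).
                raise ValueError(f"token request failed: {data.get('error', 'bad response')}")
            self._token = data["access_token"]
            self._expires_at = self._clock() + int(data.get("expires_in", 0))
        return self._token

    def auth_header(self):
        # Step 3: the header the client sends when calling the API as itself.
        return {"Authorization": f"Bearer {self.get()}"}
```

In a real service the Client Secret would be read from a secret store or environment variable rather than written into source, and the cached token kept out of logs.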