Auth0 Management API Reference

This version of the Management API has been deprecated. We recommend that you use the new version instead.

API endpoint


Each API request must include an Access Token, either inside the query string:

or in an Authorization header:

A token is obtained using the POST method:

The response body of this POST is a JSON object:

Here is a simple example using cURL:


The Authorization header is the only accepted header and is used in place of the query string to send the Access Token. All content is returned in JSON. The Accept header is ignored for now.


Connection Methods

Verb URL
GET https://YOUR_DOMAIN/api/connections
GET https://YOUR_DOMAIN/api/connections/{connectionName}
POST https://YOUR_DOMAIN/api/connections
DELETE https://YOUR_DOMAIN/api/connections/{connectionName}
PUT https://YOUR_DOMAIN/api/connections/{connectionName}

List all Connections

To return a list of all defined connections in Auth0, use this syntax:

The body of the response is a connection object formatted as follows:


Parameter Description
client_id Your client_id (YOUR_CLIENT_ID), used to obtain the authentication token.
name The unique name you gave to the connection.
status Defines whether the connection is active 1 or not 0.
strategy The type of identity provider associated with this connection. See below for supported strategies.
options An object with properties that are dependent on the strategy selected.


Strategy For Customers Using
adfs On Premises Active Directory or any WS-Federation server
g-suite G Suite
google-oauth2 Google (through the OAuth2 protocol)
office365 Office 365 and Microsoft Azure Active Directory
windowslive Microsoft Account (formerly LiveID)

When implementing the office365, g-suite or adfs strategies, the following properties are added to the connection object:

The provisioning_ticket_url is sent to the identity provider administrator and contains information on how to complete the configuration on their side.

A GET on connections with a specified {connectionName} in the path will return the matching connection object only.

The cURL sample scripts

This script returns a specific connection:

This script returns all connections:


The options object returned in the connection will be different for each strategy and will typically contain the same information that was entered on the connections screen.

ADFS Strategy
Parameter Description
tenant_domain The domain name of the company (If the user's email is john, then is the domain).
adfs_server (for example:
signInEndpoint The URL of the ADFS server where Auth0 will redirect users for login. (for example:
G Suite Strategy

To obtain the client_id and client_secret for G Suite connections, see Google connections.

Google OAuth2 Strategy
Office 365 Strategy

To obtain client_id and client_secret for Office 365 connections, see o365-clientid.

Microsoft Account Strategy

To obtain client_id and client_secret for Microsoft Accounts, see Microsoft Account Client ID.

Get a specific Connection

Delete a connection

A Delete operation on the connections object will eliminate the connection definition permanently. The parameter for this operation is the name of the connection to delete.

If successful, the response body will contain a confirmation object:

Batch operations are not yet supported.

Create a new Connection

To create a new connection, POST a connection object to the connections resource:

The body of the request is formatted as a connection object. For example, the following will create a new connection to G Suite, initially inactive (status=0):

Once again, the options object is dependent on the strategy specified.

If successful, the response body will contain a complete connection object. This will include additional fields (such as the entity id, and so on).

Updating a Connection

For updates, use the PUT method. A PUT works on a specific connection, therefore the connection name must be specified. All object parameters must be included, not only those which have changed.


Verb URL Description
GET https://YOUR_DOMAIN/api/users Gets all users who have logged in through any of your connections.
GET https://YOUR_DOMAIN/api/connections/{connection}/users Gets all users from an enterprise directory like Office365 / Microsoft Azure Active Directory or a G Suite domain.
GET https://YOUR_DOMAIN/api/socialconnections/users Gets all users who have logged in through any of the enabled social connections.

If the connection does not support querying for users (for instance: ADFS), the GET https://YOUR_DOMAIN/api/connections/{connection}/users will return users who have logged in through that connection.

The User Object

Most attributes in the user object are self-explanatory. Some comments are below:

Parameter Description
issuer The name of the authentication server. In the example above it is the URL of Fabrikam's ADFS server used.
user_id (for example:
picture The URL of the user's gravatar, if available.
user_id A "friendly" unique identifier composed of the strategy plus a unique identifier from the issuer (for example: email, and so on).

Other resources