Create and Authorize a Machine-to-Machine Application

The first time you get a token for the Management API is when you complete the configuration in the Auth0 Dashboard. You won't have to do this again unless you create a new tenant. We recommend that you create a token exclusively for authorizing access to the Management API instead of reusing another one you might have.

To create and authorize a Machine-to-Machine Application for the Management API:

  1. Go to the API Explorer tab of your Auth0 Management API.
  2. Click Create & Authorize a Test Application. A new application is created and authorized to access the Management API.

The application created in the steps above has been granted all the Management API scopes. This means that it can access all endpoints.

How can I find out which scopes/permissions are required?

Each machine-to-machine application that accesses an API must be granted a set of scopes. Scopes are permissions that should be granted by the owner. Each Auth0 Management API v2 endpoint requires specific scopes. To see the required scopes/permissions for each endpoint, go to the Management API Explorer and find the endpoint you want to call. Each endpoint has a section called Scopes listing all the scopes that the endpoint requires. For example, the Get all clients endpoint requires the scopes read:clients and read:client_keys.

Example: Get All Clients Endpoint

The Get all clients endpoint requires the scopes read:clients and read:client_keys, while the Create an application endpoint requires the scope create:clients. From that we can deduce that if we need to read and create applications, then our token should include three scopes: read:clients, read:client_keys and create:clients.

If you have multiple applications that should access the Management API, and you need different sets of scopes per app, we recommend creating a new machine-to-machine application for each one. For example, if one application needs to read and create users (create:users, read:users) and another needs to read and create applications (create:clients, read:clients), create two applications (one for user scopes, one for application scopes) instead of one.
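
The scope deduction above can be turned into a least-privilege check on a token an application actually holds. The following is an added example, not Auth0 code: it assumes the access token is a JWT whose scope claim is a space-separated string, and the helper names and the sample token are constructed for illustration.

```python
import base64
import json

# Endpoint -> required scopes, as listed on this page (names as shown in the API Explorer).
ENDPOINT_SCOPES = {
    "Get all clients": {"read:clients", "read:client_keys"},
    "Create an application": {"create:clients"},
}


def required_scopes(endpoints):
    """Union of the scopes needed to call every endpoint in `endpoints`."""
    needed = set()
    for name in endpoints:
        if name not in ENDPOINT_SCOPES:
            raise KeyError(f"no scope list recorded for endpoint: {name!r}")
        needed |= ENDPOINT_SCOPES[name]
    return needed


def token_scopes(jwt):
    """Read the scope claim from a JWT payload without verifying the signature."""
    # Fine for auditing a token you obtained yourself; never base an
    # authorization decision on unverified claims.
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return set(claims.get("scope", "").split())


def audit(jwt, endpoints):
    """Return (missing, excess) scopes for the endpoints this app calls."""
    needed, granted = required_scopes(endpoints), token_scopes(jwt)
    return sorted(needed - granted), sorted(granted - needed)


def make_sample_token(scopes):
    """Constructed sample token with a fake signature (not a real Auth0 token)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc({"scope": " ".join(scopes)}), "constructed"])


if __name__ == "__main__":
    token = make_sample_token(["read:clients", "read:client_keys", "create:clients", "read:users"])
    print(audit(token, ["Get all clients", "Create an application"]))
```

A non-empty excess list means the application holds scopes it does not need for the endpoints it calls, which is the case for the test application that was granted all Management API scopes.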
