An API is an entity that represents an external resource, capable of accepting and responding to protected resource requests made by applications. In the OAuth2 spec, an API maps to the Resource Server.
When an application wants to access an API's protected resources, it must provide an Access Token. The same Access Token can be used to access the API's resources without having to authenticate again until it expires.
Each API has a set of defined permissions. Applications can request a subset of those defined permissions when they execute the authorization flow, and include them in the Access Token as part of the scope request parameter. To learn more about scopes, see API Scopes.
Configure an API
To protect an API, you must register an API using the Auth0 Dashboard. To learn more, see Register APIs.