API Settings

API Settings

On the APIs page of the Auth0 Dashboard, locate your API and click its name to view the available settings.

  • Id: A unique alphanumeric string generated by Auth0. This information is read-only, and you will only need it if you will be working directly with Auth0's Management API Resource Servers endpoints.

  • Name: A friendly name for the API. Does not affect any functionality. The following characters are not allowed: < >.

  • Identifier: A unique identifier for your API. This value is set upon API creation and cannot be modified afterwards. We recommend using a URL, but this doesn't have to be a publicly available URL; Auth0 will not call your API at all.

  • Token Expiration (Seconds): The amount of time (in seconds) before the Auth0 Access Token expires. The default value is 86400 seconds (24 hours). The maximum value you can set is 2592000 seconds (30 days).

  • Allow Skipping User Consent: When this is enabled, the User Consent dialog will not be shown to the end user when a first-party application requests authorized access against your API. Please note that if the hostname of your application's callbackURL is localhost or, the consent dialog will always be displayed.

  • Allow Offline Access: When this is enabled, Auth0 will allow applications to ask for Refresh Tokens for your API.

  • Signing Algorithm: The algorithm with which to sign the tokens. The available values are HS256 and RS256. When selecting RS256 (recommended), the token will be signed with your tenant's private key. This value is set when your API is created and cannot be modified afterwards. To learn more about signing algorithms, see Signing Algorithms.