Skip to main content

Metric Streams (Beta)

Metric Streams is currently available in Beta. To use this feature, you must have an Enterprise plan. By using this feature, you agree to the applicable Free Trial terms in Okta’s Master Subscription Agreement. To learn more about Auth0’s product release cycle, read Product Release Stages.
Stream real-time Auth0 metrics to your monitoring platform to track API performance, identify rate limit issues, and troubleshoot errors faster. Metric Streams support both native Datadog integration and OpenTelemetry Protocol (OTLP) for platforms like New Relic, Grafana Cloud, and Splunk.

What you can monitor

Track key metrics about your Auth0 API usage:
  • API request volume: Monitor total requests to Authentication and Management APIs.
  • Error rates: Identify client and server errors affecting your integration.
  • Rate limit occurrences: Detect when your application hits rate limits.
  • Geographic distribution: Analyze traffic patterns by country.
  • Authentication flows: Track grant types and connection usage.

Use cases

Identify rate limit issues

Monitor which APIs and endpoints are hitting rate limits so you can adjust your integration or upgrade your rate limit tier.

Troubleshoot API failures

Quickly identify the root cause of errors by filtering metrics by API, operation, and failure type (rate limits, anomaly detection, or general errors).

Plan capacity

Analyze peak usage, average RPS, and percentile metrics to determine the appropriate rate limit tier for your workload.

Prerequisites

Before setting up a metric stream, you need:
  • Auth0 Management API access: Create a Machine-to-Machine (M2M) application with the following permissions:
    • read:event_streams
    • create:event_streams
    • update:event_streams
    • delete:event_streams
    • read:event_deliveries
    • update:event_deliveries
    For detailed instructions, read Get Management API Access Tokens.
  • Auth0 CLI: Install the Auth0 CLI to configure metric streams via API commands.
  • Monitoring platform account: An active account with one of the supported destinations.

Metric reference

auth0.api_request.count

Counts API requests to your Auth0 tenant with detailed filtering and aggregation tags. A new metric is emitted every 10 seconds and provides per second granularity.

Available tags

Tag NameRequiredDescription
apiYesAPI type: AUTHENTICATION or MANAGEMENT
operation_nameYesHTTP method and path (e.g., POST /oauth/token)
operation_resultYesResult: SUCCESS or FAILURE
tenantYesYour Auth0 tenant name
failure_codeNoFailure reason: RATE_LIMIT, ANOMALY_DETECTION, or CLIENT_SERVER_ERROR
country_codeNoISO country code from request IP address
client_idNoApplication Client ID (Authentication API only)
connection_idNoConnection ID (Authentication API only)
grant_typeNoOAuth 2.0 grant type (Authentication API only)
batch_seqYesSequence number for metrics with identical tags and timestamp (temporary, will be removed after Beta)
The client_id and connection_id tags can generate high cardinality in environments with many unique clients or connections, potentially increasing monitoring costs. Use these tags selectively.
Metric streams do not include API calls that are cached or blocked by Auth0’s Web Application Firewall (WAF) at the edge to prevent system overload.

Enum values

api
  • AUTHENTICATION - Authentication API requests
  • MANAGEMENT - Management API requests
operation_result
  • SUCCESS - Request completed successfully
  • FAILURE - Request failed with client or server error
failure_code (only present when operation_result is FAILURE)
  • RATE_LIMIT - Request exceeded rate limit
  • ANOMALY_DETECTION - Blocked by Auth0’s attack protection
  • CLIENT_SERVER_ERROR - HTTP 4xx or 5xx error

Supported destinations

Metric Streams support the following monitoring platforms:

Datadog

Native integration with Datadog’s metrics API

Grafana Cloud

Stream via OpenTelemetry Protocol (OTLP)

New Relic

Stream via OpenTelemetry Protocol (OTLP)

Splunk

Stream via OpenTelemetry Protocol (OTLP)

Set up Datadog

Stream Auth0 metrics directly to Datadog using their native metrics API.

Prerequisites

  • Active Datadog account
  • Datadog API key (generate at Organization Settings > API Keys in Datadog)
  • Your Datadog site (region identifier like US1 for app.datadoghq.com, EU for app.datadoghq.eu, US3 for us3.datadoghq.com)

Create metric stream

Navigate to Metric Streams:
  1. Go to Auth0 Dashboard > Monitoring > Metric Streams.
  2. Select + Create Metric Stream.
  3. Select Datadog.
Configure stream:
  1. Name: Enter a descriptive name (e.g., datadog-production).
  2. Datadog Site: Select your Datadog region from the dropdown:
    • US1 for app.datadoghq.com
    • US3 for us3.datadoghq.com
    • US5 for us5.datadoghq.com
    • EU for app.datadoghq.eu
    • AP1 for ap1.datadoghq.com
  3. Datadog API Key: Paste your Datadog API key.
  4. Select Save.
This creates and automatically enables your Metric Stream.

Verify in Datadog

Within a few minutes, Auth0 metrics appear in Datadog. Navigate to Metrics > Explorer and search for auth0.api_request.count to view your data.

Manage streams

View all streams:
  1. Go to Auth0 Dashboard > Monitoring > Metric Streams.
  2. All configured streams are listed with their Destination, Status, Name, and Subscriptions.
Edit a stream:
  1. Select the stream name from the list.
  2. Update the configuration.
  3. Select Save.
Enable/Disable a stream:
  1. Choose the Toggle switch in the Status column to enable or disable the stream.
  2. Disabled streams stop sending metrics but retain their configuration.
Delete a stream:
  1. Select the stream name from the list.
  2. Select Delete at the bottom of the configuration page.
  3. Confirm deletion.

Set up Grafana Cloud

Stream Auth0 metrics to Grafana Cloud using OpenTelemetry Protocol (OTLP).

Get Grafana Cloud credentials

1

Navigate to OpenTelemetry configuration

  1. Log in to your Grafana Cloud Dashboard.
  2. Select Connections > Add new connection.
  3. Select OpenTelemetry from Featured connections.
  4. Select OpenTelemetry SDK > Language Other > Next.
  5. Select Other for infrastructure > Next.
  6. Select OpenTelemetry Collector > Next.
2

Create access token

In the Instrumentation Instructions section:
  1. Select Create token.
  2. Enter a descriptive name (e.g., auth0-metrics).
  3. Select Create token.
  4. Copy the token value as you need it for the stream configuration steps.
3

Copy endpoint URL

Copy the value from the OTEL_EXPORTER_OTLP_ENDPOINT environment variable in the generated configuration block.
4

Extract authentication token

From the OTEL_EXPORTER_OTLP_HEADERS value, copy only the token portion after Authorization=Basic%20.Example:
OTEL_EXPORTER_OTLP_HEADERS=Authorization=Basic%20abc123xyz456
Copy: abc123xyz456

Create metric stream

Navigate to Metric Streams:
  1. Go to Auth0 Dashboard > Monitoring > Metric Streams.
  2. Select +Create Metric Stream.
  3. Select OpenTelemetry.
Configure stream:
  1. Name: Enter a descriptive name (e.g., grafana-production).
  2. Protocol: Select HTTP from the dropdown.
  3. OTLP Endpoint: Paste your Grafana Cloud OTLP endpoint (from the setup steps above).
  4. Authentication Method: Select Basic from the dropdown.
  5. Username: Leave blank or enter if required by your Grafana setup.
  6. Password: Paste your Grafana token (from Step 4 above).
  7. Select Save.
This creates and automatically enables your Metric Stream.

Set up New Relic

Stream Auth0 metrics to New Relic using OpenTelemetry Protocol (OTLP).

Get New Relic credentials

1

Find your OTLP endpoint

Refer to New Relic’s OTLP documentation to find your region-specific endpoint:
  • US: https://otlp.nr-data.net
  • EU: https://otlp.eu01.nr-data.net
Save this endpoint URL.
2

Create ingest license key

  1. Go to [your user menu] > API Keys.
  2. Select Create a key.
  3. Select Key Type = Ingest - License.
  4. Enter a descriptive name and optional note.
  5. Select Create a key.
  6. Copy the API key immediately. You need it for later steps and it won’t be shown again.

Create metric stream

Navigate to Metric Streams:
  1. Go to Auth0 Dashboard > Monitoring > Metric Streams.
  2. Select + Create Metric Stream.
  3. Select OpenTelemetry.
Configure stream:
  1. Name: Enter a descriptive name (e.g., newrelic-production).
  2. Protocol: Select HTTP from the dropdown.
  3. OTLP Endpoint: Paste your New Relic OTLP endpoint (e.g., https://otlp.nr-data.net).
  4. Authentication Method: Select API Key from the dropdown.
  5. Header Name: Enter api-key.
  6. API Key: Paste your New Relic Ingest License Key that you copied from previous steps.
  7. Select Save.
This creates and automatically enables your Metric Stream.

Set up Splunk

Stream Auth0 metrics to Splunk Observability Cloud using OpenTelemetry Protocol (OTLP).

Get Splunk credentials

1

Find your OTLP endpoint

Refer to Splunk’s OTLP HTTP Exporter documentation to find your endpoint.The endpoint format is:
https://ingest.<REALM>.signalfx.com/v2/datapoint/otlp
Replace <REALM> with your Splunk realm (e.g., us1, eu0, jp0).
2

Create access token

  1. Navigate to Settings > Access Tokens > New Token.
  2. Enter a descriptive name.
  3. Set Authorization Scope to INGEST (required).
  4. Set token expiration.
  5. Select Create.
  6. Copy and securely store the token value. You need this value for later steps.

Create metric stream

Navigate to Metric Streams:
  1. Go to Auth0 Dashboard > Monitoring > Metric Streams.
  2. Select + Create Metric Stream.
  3. Select OpenTelemetry.
Configure stream:
  1. Name: Enter a descriptive name (e.g., splunk-production).
  2. Protocol: Select HTTP from the dropdown.
  3. OTLP Endpoint: Paste your Splunk OTLP endpoint (e.g., https://ingest.us1.signalfx.com/v2/datapoint/otlp).
  4. Authentication Method: Select API Key from the dropdown.
  5. Header Name: Enter X-SF-TOKEN.
  6. API Key: Paste your Splunk access token (from Step 2 above).
  7. Select Save.
The metric stream is created and automatically enabled.

Understand metric cardinality

Cardinality refers to the number of unique time series generated by your metrics. Higher cardinality increases monitoring costs.
TagCardinalityImpact
apiLow2 unique values (Authentication, Management)
operation_nameMediumVaries by API operations used
operation_resultLow2 unique values (Success, Failure)
tenantMedium1 per Auth0 tenant
failure_codeLow3 unique values (only on failures)
country_codeMedium-HighVaries by geographic distribution
client_idHigh1 per application client
connection_idHigh1 per identity provider connection
grant_typeLowLimited OAuth 2.0 grant types
batch_seqLowTemporary tag (removed after Beta)
Use client_id and connection_id tags carefully. In environments with many applications or connections, these tags can significantly increase costs. Consider filtering to specific clients or aggregating these tags if detailed granularity isn’t required.

Troubleshooting

Metrics not appearing

Check stream status:
  1. Go to Auth0 Dashboard > Monitoring > Metric Streams.
  2. Find your metric stream in the list.
  3. Verify the Status column shows Enabled.
  4. Select the stream name to view detailed configuration and verify settings.
Verify destination credentials:
  • Datadog: Confirm your API key is valid and the site URL matches your Datadog region
  • OTLP destinations: Verify endpoint URL, authentication token, and header name are correct
Check for edge caching: Remember that cached requests and WAF-blocked requests are not included in metric streams.

High monitoring costs

If you’re seeing unexpectedly high costs:
  1. Review which tags you’re using in queries and dashboards.
  2. Consider removing client_id and connection_id from aggregations.
  3. Use sampling or filtering in your monitoring platform to reduce ingested metrics.
  4. Aggregate by higher-level tags like api and operation_result instead of granular tags.