Create Machine-to-Machine Applications for Testing

When you create an account, a default Management API instance is created in the API section of the Auth0 Dashboard. A sample machine-to-machine test application is automatically created. The following instructions allow you to create another test application to use with this Management API instance and use the generated test token before building your own Production setup.

You should note, the test token located under API Explorer is for testing access to the Management API only. To learn more about Management API tokens, review Get Management API Access Tokens for Production. If you are interested in using the test token, visit Get Management API Access Tokens for Testing

  1. Go to Dashboard > Applications > APIs and select Auth0 Management API.

  2. Select the API Explorer tab.

  3. Click Create & Authorize a Test Application. A new application has been created and is authorized to access the Management API.

Dashboard Applications APIs Auth0 Management API Explorer Tab Authorize and Test

The application created in the steps above has been granted all the Management API scopes. This means that it can access all endpoints for testing purposes. However, applications do not generally allow access to all scopes but only authorizes scopes that are required.

How can I find out which scopes/permissions are required for the Management API?

Each machine-to-machine application that accesses an API must be granted a set of Scopes. Scopes are permissions that should be granted by the owner. Each Auth0 Management API v2 endpoint requires specific scopes. To see the required scopes/permissions for each endpoint, go to the Management API Explorer and find the endpoint you want to call. Each endpoint has a section called Scopes listing all the scopes that the endpoint accepts.

Example: Get All Connections endpoint

The Get All Connections endpoint accepts the read:connections scope while the Create a Connection endpoint accepts the write:connections scope. Our machine-to-machine token should only need the read:connections scope in order to access data from that endpoint.

If you have multiple applications that should access the Management API, then you should create separate machine-to-machine applications for each application in Auth0 instead of just a single machine-to-machine application.

Learn more