Call Your API from a Machine-to-Machine App

Everything you need to know to call your API from your machine-to-machine (M2M) app

Ready to start building?

Using Auth0 in your applications means that you will be "outsourcing" the authentication process to a centralized login page in the same way that Gmail, YouTube, and any other Google property redirects to accounts.google.com whenever a user signs in.

With machine-to-machine (M2M) apps, however, the system authenticates and authorizes the app rather than a user.

How it works

When your app needs to fetch user data from your API:

  1. Your M2M application authenticates with your Auth0 Authorization Server.
  2. Auth0 responds with an Access Token.
  3. The Access Token can be used to call your API and retrieve requested data.

For M2M applications, Auth0 uses the M2M Flow.

Flow Overview for Machine-to-Machine Apps

Implementation overview

  1. 1

    Configure your API

    Once you have created your API, you will need to authorize your M2M application and configure any scopes that applications can request during authorization.
  2. 2

    Get an Access Token

    Your app requests an Access Token from your Auth0 Authorization Server using the M2M Flow.
  3. 3

    Call your API

    When your app calls your API, it includes the retrieved Access Token in the HTTP Authorization header.

To implement the M2M flow follow our Backend/API Quickstarts. The "Calling your API" section shows the steps required.

Or, to use our API endpoints, you can follow our tutorial: Call Your API Using the M2M Flow.

Keep reading

References

API endpoints, libraries, and best practices

Concepts

Understand the fundamentals

What's next


Ready to start building?