Call Your API from a Machine-to-Machine App
Call Your API from a Machine-to-Machine App
Everything you need to know to call your API from your machine-to-machine (M2M) app
Using Auth0 in your applications means that you will be "outsourcing" the authentication process to a centralized login page in the same way that Gmail, YouTube, and any other Google property redirects to accounts.google.com whenever a user signs in.
With machine-to-machine (M2M) apps, however, the system authenticates and authorizes the app rather than a user.
How it works
When your app needs to fetch user data from your API:
- Your M2M application authenticates with your Auth0 Authorization Server.
- Auth0 responds with an Access Token.
- The Access Token can be used to call your API and retrieve requested data.
For M2M applications, Auth0 uses the Client Credentials Flow.
Implementation overview
- 1
Configure your API
Once you have created your API, you will need to authorize your M2M application and configure any scopes that applications can request during authorization. - 2
Get an Access Token
Your app requests an Access Token from your Auth0 Authorization Server using the Client Credentials Flow. - 3
Call your API
When your app calls your API, it includes the retrieved Access Token in the HTTP Authorization header.
To implement the Client Credentials Flow, follow our Backend/API Quickstarts. The "Calling your API" section shows the required steps.
Or, to use our API endpoints, you can follow our tutorial: Call Your API Using the Client Credentials Flow.
Keep reading
Guides
Step-by-step instructions for tasks
What's next
- Auth0 offers many ways to personalize your user's login experience and customize tokens using rules and hooks.
- If you are building your own API and you want to secure the endpoints using Auth0, see Protect Your API.
- Learn more about the ways Auth0 can help you manage user profiles and maintain custom user data.