Using Auth0 in your applications means that you will be "outsourcing" the authentication process to a centralized login page in the same way that Gmail, YouTube, and any other Google property redirects to accounts.google.com whenever a user signs in.
With machine-to-machine (M2M) apps, however, the system authenticates and authorizes the app rather than a user.
When your app needs to fetch user data from your API:
- Your M2M application authenticates with your Auth0 Authorization Server.
- Auth0 responds with an Access Token.
- The Access Token can be used to call your API and retrieve requested data.
For M2M applications, Auth0 uses the Client Credentials Flow.
1. Configure the sign-in methods
Auth0 supports a wide range of authentication methods: regular username/password (users can be stored in Auth0 or your own database), social (e.g., Google, Facebook, and 50+ other providers), passwordless (email magic link, email code, and phone code), and enterprise (e.g., SAML-based, ADFS, Ping, Okta).
Go to the dashboard and turn on the methods you want to allow; they will automatically show up in the login/sign-up page. By default, email/password and Google are enabled.
2. Customize the sign-in UI (optional)
The default experience is demonstrated in the image below and can be completely customized in the dashboard, from changing the logo and primary colors to completely overriding it with your own login screen.
3. Use the Auth0 SDK to trigger the flow
The SDK will take care of the details of opening the SafariViewController or Chrome Custom Tab, parsing the response back from Auth0, and validating the ID Token.
Your app can store the Access Token and a Refresh Token used to renew the Access Token without asking the user to re-enter their credentials. Follow one of our Native/Mobile Quickstarts to get started with the integration.
1. Configure your API
Once you have created your API, you will need to authorize your M2M application and configure any scopes that applications can request during authorization.
2. Get an Access Token
Your app requests an Access Token from your Auth0 Authorization Server using the Client Credentials Flow.
3. Call your API
When your app calls your API, it includes the retrieved Access Token in the HTTP Authorization header.
To implement the Client Credentials Flow, follow our Backend/API Quickstarts. The "Calling your API" section shows the required steps.
Or, to use our API endpoints, you can follow our tutorial: Call Your API Using the Client Credentials Flow.
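The M2M steps above (get an Access Token, then send it in the Authorization header) as an added Python example; it is not Auth0 SDK code or code from this page. The class name `M2MClient`, the `post`/`clock` hooks and the `YOUR_*` placeholders are assumptions for illustration, and the request follows the standard OAuth 2.0 client credentials form posted to the tenant's `/oauth/token` endpoint with an `audience` parameter.

```python
import json
import time
import urllib.parse
import urllib.request


class M2MClient:
    """Client Credentials Flow: request, cache and attach an Access Token."""

    def __init__(self, domain, client_id, client_secret, audience,
                 post=None, clock=time.time):
        self.token_url = f"https://{domain}/oauth/token"
        self.form = {
            "grant_type": "client_credentials",
            "client_id": client_id,
            "client_secret": client_secret,  # read from a secret store, not source code
            "audience": audience,  # identifier of the API the app was authorized for
        }
        self._post = post or self._http_post  # injectable so the example runs offline
        self._clock, self._token, self._expires_at = clock, None, 0.0

    @staticmethod
    def _http_post(url, form):
        req = urllib.request.Request(url, data=urllib.parse.urlencode(form).encode())
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)

    def access_token(self, skew=60):
        # Reuse the cached token until `skew` seconds before it expires.
        if self._token is None or self._clock() >= self._expires_at - skew:
            reply = self._post(self.token_url, self.form)
            if reply.get("token_type", "").lower() != "bearer":
                raise ValueError("unexpected token_type in token response")
            self._token = reply["access_token"]
            self._expires_at = self._clock() + int(reply["expires_in"])
        return self._token

    def auth_headers(self):
        # The Access Token travels in the HTTP Authorization header.
        return {"Authorization": f"Bearer {self.access_token()}"}


if __name__ == "__main__":
    # Constructed token response standing in for the Authorization Server.
    fake = lambda url, form: {"access_token": "constructed.token.value",
                              "token_type": "Bearer", "expires_in": 86400}
    client = M2MClient("YOUR_DOMAIN", "YOUR_CLIENT_ID", "YOUR_CLIENT_SECRET",
                       "YOUR_API_IDENTIFIER", post=fake)
    print(client.auth_headers())
```

Caching the token until just before `expires_in` elapses keeps the client secret off the wire for most calls and avoids requesting a new token per API request.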
Keep reading
Guides
Step-by-step instructions for tasks
References
API endpoints, libraries, and best practices
Concepts
Understand the fundamentals