Android: Calling APIs
This tutorial will show you how to use Access Tokens to make authenticated API calls.
You may want to restrict access to your API resources, so that only authenticated users with sufficient privileges can access them. Auth0 lets you manage access to these resources using API Authorization.
This tutorial shows you how to access protected resources in your API.
Before You Start
Before you continue with this tutorial, make sure that you have completed the previous tutorials. This tutorial assumes that:
- You have completed the Session Handling tutorial and you know how to handle the
- You have set up a backend application as an API. To learn how to do it, follow one of the backend tutorials.
Create an Auth0 API
In the APIs section of the Auth0 dashboard, click Create API. Provide a name and an identifier for your API. You will use the identifier later when you're preparing the Web Authentication. For Signing Algorithm, select RS256.
Add a Scope
By default, the Access Token does not contain any authorization information. To limit access to your resources based on authorization, you must use scopes. Read more about scopes in the scopes documentation.
In the Auth0 dashboard, in the APIs section, click Scopes. Add any scopes you need to limit access to your API resources.
Get the User's Access Token
To retrieve an Access Token that is authorized to access your API, you need to specify the API Identifier you created earlier in the Auth0 dashboard. At the top of the class, add the constants for accessing the API: API_URL and API_IDENTIFIER.
Attach the Token
To give the authenticated user access to secured resources in your API, include the user's Access Token in the requests you send to the API.
Create an instance of the OkHttpClient client and a new Request. Use the provided builder to customize the HTTP method, the URL and the headers in the request. Set the Authorization header with the token type and the user's Access Token.
Send the Request
Tell the client to create a new Call with the request you created. Call the enqueue function to execute the request asynchronously.
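The Attach the Token and Send the Request steps together, as an added Java example that is not the quickstart's own code. The `ApiCaller` class, the `ResultListener` interface and the `API_URL` value are assumptions for illustration, and the 401/403 handling assumes your backend returns those statuses for an invalid token and a missing scope.

```java
import java.io.IOException;
import okhttp3.Call;
import okhttp3.Callback;
import okhttp3.HttpUrl;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;

public class ApiCaller {
    // Placeholder endpoint (assumption): replace with your backend's URL.
    private static final String API_URL = "https://api.example.com/private";
    private final OkHttpClient client = new OkHttpClient(); // reuse one instance
    // Hypothetical callback type; its methods run on OkHttp's background thread.
    public interface ResultListener {
        void onSuccess(String body);
        void onError(String reason);
    }
    public void callApi(String accessToken, final ResultListener listener) {
        HttpUrl url = HttpUrl.parse(API_URL);
        if (url == null || !url.isHttps()) { // never send a bearer token in cleartext
            listener.onError("API_URL must be a valid https:// URL");
            return;
        }
        Request request = new Request.Builder()
                .get()
                .url(url)
                .addHeader("Authorization", "Bearer " + accessToken) // do not log this
                .build();
        client.newCall(request).enqueue(new Callback() {
            @Override
            public void onFailure(Call call, IOException e) {
                listener.onError("Network error: " + e.getMessage());
            }
            @Override
            public void onResponse(Call call, Response response) throws IOException {
                try (Response r = response) { // always release the connection
                    if (r.isSuccessful()) {
                        listener.onSuccess(r.body().string());
                    } else if (r.code() == 401) {
                        listener.onError("Access Token missing, expired or invalid");
                    } else if (r.code() == 403) {
                        listener.onError("Access Token lacks a required scope");
                    } else {
                        listener.onError("Unexpected HTTP status " + r.code());
                    }
                }
            }
        });
    }
}
```

Because the listener runs off the main thread, switch to the UI thread (for example with `runOnUiThread`) before touching views.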
You need to configure your backend application to protect your API endpoints with the key for your Auth0 application, API identifier and API scopes. In this example, you can use the user's Access Token issued by Auth0 to call your own APIs.