Android: Calling APIs

By Luciano Balmaceda

This tutorial will show you how to use Access Tokens to make authenticated API calls.

System requirements: Android Studio 2.3 | Android SDK 25 | Emulator - Nexus 5X - Android 6.0

You may want to restrict access to your API resources, so that only authenticated users with sufficient privileges can access them. Auth0 lets you manage access to these resources using API Authorization.

This tutorial shows you how to access protected resources in your API.

Before You Start

Before you continue with this tutorial, make sure that you have completed the previous tutorials. This tutorial assumes that:

  • You have completed the Session Handling tutorial and you know how to handle the Credentials object.
  • You have set up a backend application as an API. To learn how to do it, follow one of the backend tutorials.

Create an Auth0 API

In the APIs section of the Auth0 dashboard, click Create API. Provide a name and an identifier for your API. You will use the identifier later when you're preparing the Web Authentication. For Signing Algorithm, select RS256.

Add a Scope

By default, the Access Token does not contain any authorization information. To limit access to your resources based on authorization, you must use scopes. Read more about scopes in the scopes documentation.

In the Auth0 dashboard, in the APIs section, click Scopes. Add any scopes you need to limit access to your API resources.

You can give your scopes any names. A common pattern is <action>:<resource>. This example uses the name read:messages for a scope.


Get the User's Access Token

To retrieve an Access Token that is authorized to access your API, you need to specify the API Identifier you created earlier in the Auth0 dashboard. At the top of the class, add the constants for accessing the API: API_URL and API_IDENTIFIER.

For instructions on how to authenticate a user, see the Login tutorial.

Attach the Token

To give the authenticated user access to secured resources in your API, include the user's Access Token in the requests you send to the API.

In this example, we use the OkHttp library.

Create an instance of the OkHttpClient client and a new Request. Use the provided builder to customize the HTTP method, the URL and the headers in the request. Set the Authorization header with the token type and the user's Access Token.

Depending on the standards in your API, you configure the authorization header differently. The code below is just an example.

Send the Request

Tell the client to create a new Call with the request you created. Call the enqueue function to execute the request asynchronously.
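The attach-and-send steps above, written out as an added example (not code from the original tutorial or from Auth0's sample app). It assumes OkHttp 3 or later, a "Bearer" token type, a constructed placeholder value for API_URL, and a hypothetical Listener interface for results; the accessToken argument is the value held by the Credentials object.

```java
import java.io.IOException;
import okhttp3.Call;
import okhttp3.Callback;
import okhttp3.HttpUrl;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.ResponseBody;

public class MessagesApiClient {
    // Constructed placeholder: replace with your own API endpoint.
    private static final String API_URL = "https://api.example.com/messages";
    private final OkHttpClient client = new OkHttpClient();
    /** Hypothetical result callback; invoked on OkHttp's background thread. */
    public interface Listener {
        void onSuccess(String body);
        void onError(String reason);
    }

    public void callApi(String accessToken, final Listener listener) {
        HttpUrl url = HttpUrl.parse(API_URL);
        if (url == null || !url.isHttps()) {
            // A token sent over cleartext HTTP can be captured and replayed.
            throw new IllegalStateException("API_URL must be a valid https URL");
        }
        Request request = new Request.Builder()
                .get()
                .url(url)
                // Assumption: the API expects the "Bearer" token type.
                .addHeader("Authorization", "Bearer " + accessToken)
                .build();
        client.newCall(request).enqueue(new Callback() {
            @Override
            public void onFailure(Call call, IOException e) {
                listener.onError("request failed: " + e.getMessage());
            }
            @Override
            public void onResponse(Call call, Response response) throws IOException {
                try (ResponseBody body = response.body()) { // always release the connection
                    if (response.isSuccessful()) {
                        listener.onSuccess(body.string());
                    } else {
                        // Typically 401 = token missing, expired or invalid; 403 = scope not granted.
                        listener.onError("API rejected the request: HTTP " + response.code());
                    }
                }
            }
        });
    }
}
```

The Access Token is never written to logs or error messages here; keep it that way when you add your own diagnostics.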

You need to configure your backend application to protect your API endpoints with the key for your Auth0 application, API identifier and API scopes. In this example, you can use the user's Access Token issued by Auth0 to call your own APIs.
