iOS Swift: Calling APIs
This tutorial will show you how to use Access Tokens to make authenticated API calls. We recommend you to Log in to follow this quickstart with examples configured for your account.
I want to integrate with my app15 minutes
I want to explore a sample app2 minutes
Get a sample configured with your account settings or check it out on Github.
Auth0 provides a set of tools for protecting your resources with end-to-end authentication in your application.
In this tutorial, you'll learn how to get a token, attach it to a request (using the authorization header), and call any API you need to authenticate with.
Before you continue with this tutorial, make sure that you have completed the previous tutorials. This tutorial assumes that:
- You have completed the Session Handling tutorial and you know how to handle the
- You have set up a backend application as API. To learn how to do it, follow one of the backend tutorials.
Create an Auth0 API
In the APIs section of the Auth0 dashboard, click Create API. Provide a name and an identifier for your API. You will use the identifier later when you're preparing the Web Authentication. For Signing Algorithm, select RS256.
1. Create a new application
Add a Scope
By default, the Access Token does not contain any authorization information. To limit access to your resources based on authorization, you must use scopes. Read more about scopes in the scopes documentation.
In the Auth0 dashboard, in the APIs section, click Scopes. Add any scopes you need to limit access to your API resources.
2. Configure the permissions
Get the User's Access Token
To retrieve an Access Token that is authorized to access your API, you need to specify the API Identifier value you created in the Auth0 APIs Dashboard.
Present the Hosted Login Page:
3. Allowing access from external organizations (optional)
Attach the Access Token
To give the authenticated user access to secured resources in your API, include the user's Access Token in the requests you send to the API.
4. Create the key
Send the Request
Send the request you created: