iOS Swift: Calling APIs

View on Github

iOS Swift: Calling APIs

Gravatar for
By Martin Walsh

This tutorial will show you how to use Access Tokens to make authenticated API calls. We recommend that you log in to follow this quickstart with examples configured for your account.

I want to explore a sample app

2 minutes

Get a sample configured with your account settings or check it out on Github.

View on Github
System requirements: Cocoapods 1.9 | iOS 9+ | Xcode 11.4+

Auth0 provides a set of tools for protecting your resources with end-to-end authentication in your application.

In this tutorial, you'll learn how to get a token, attach it to a request (using the authorization header), and call any API you need to authenticate with.

Before you continue with this tutorial, make sure that you have completed the previous tutorials. This tutorial assumes that:

  • You have completed the Session Handling tutorial and you know how to handle the Credentials object.
  • You have set up a backend application as API. To learn how to do it, follow one of the backend tutorials.

Create an Auth0 API

In the APIs section of the Auth0 dashboard, click Create API. Provide a name and an identifier for your API. You will use the identifier later when you're preparing the Web Authentication. For Signing Algorithm, select RS256.

Create API

Add a Scope

By default, the Access Token does not contain any authorization information. To limit access to your resources based on authorization, you must use scopes. Read more about scopes in the scopes documentation.

In the Auth0 dashboard, in the APIs section, click Scopes. Add any scopes you need to limit access to your API resources.

You can give any names to your scopes. A common pattern is <action>:<resource>. The example below uses the name read:messages for a scope.

create scope

Get the User's Access Token

To retrieve an Access Token that is authorized to access your API, you need to specify the API Identifier value you created in the Auth0 APIs Dashboard.

Present the Hosted Login Page:

Depending on the standards in your API, you configure the authorization header differently. The code below is just an example.

// HomeViewController.swift

let APIIdentifier = "API_IDENTIFIER" // Replace with the API Identifier value you created

    .scope("openid profile")
    .start { result in
        switch result {
        case .failure(let error):
            // Handle the error
            print("Error: \(error)")
        case .success(let credentials):
            // Do something with credentials e.g.: save them.
            // Auth0 will automatically dismiss the hosted login page
            print("Credentials: \(credentials)")

Attach the Access Token

To give the authenticated user access to secured resources in your API, include the user's Access Token in the requests you send to the API.

// ProfileViewController.swift

let token  = ... // The accessToken you stored after authentication
let url = URL(string: "your api url")! // Set to your Protected API URL
var request = URLRequest(url: url)

request.addValue("Bearer \(token)", forHTTPHeaderField: "Authorization")

let task = URLSession.shared.dataTask(with: request) { data, response, error in
    // Parse the response

Send the Request

Send the request you created:

// ProfileViewController.swift

Use Auth0 for FREE