iOS Swift: Calling APIs

By Martin Walsh

You may want to restrict access to your API resources, so that only authenticated users with sufficient privileges can access them. Auth0 lets you manage access to these resources using API Authorization.

Sample Project

Download a sample project specific to this tutorial configured with your Auth0 API Keys.

System Requirements
  • CocoaPods 1.2.1
  • Version 8.3.2 (8E2002)
  • iPhone 7 - iOS 10.3 (14E269)

Auth0 provides a set of tools for protecting your resources with end-to-end authentication in your application.

In this tutorial, you'll learn how to get a token, attach it to a request (using the authorization header), and call any API you need to authenticate with.

Before you continue with this tutorial, make sure that you have completed the previous tutorials. This tutorial assumes that:

  • You have completed the Session Handling tutorial and you know how to handle the Credentials object.
  • You have set up a backend application as an API. To learn how to do it, follow one of the backend tutorials.

Create an Auth0 API

In the APIs section of the Auth0 dashboard, click Create API. Provide a name and an identifier for your API. You will use the identifier later when you're preparing the Web Authentication. For Signing Algorithm, select RS256.


Add a Scope

By default, the Access Token does not contain any authorization information. To limit access to your resources based on authorization, you must use scopes. Read more about scopes in the scopes documentation.

In the Auth0 dashboard, in the APIs section, click Scopes. Add any scopes you need to limit access to your API resources.

You can give any names to your scopes. A common pattern is <action>:<resource>. The example below uses the name read:messages for a scope.


Get the User's Access Token

To retrieve an access token that is authorized to access your API, you need to specify the API Identifier value you created in the Auth0 APIs Dashboard.

Depending on the standards in your API, you configure the authorization header differently. The code below is just an example.

Present the Hosted Login Page:

// HomeViewController.swift
import Auth0

let APIIdentifier = "API_IDENTIFIER" // Replace with the API Identifier value you created

Auth0
    .webAuth()
    .scope("openid profile")
    .audience(APIIdentifier) // Request an access token issued for your API
    .start {
        switch $0 {
        case .failure(let error):
            // Handle the error
            print("Error: \(error)")
        case .success(let credentials):
            // Do something with credentials e.g.: save them.
            // Auth0 will automatically dismiss the hosted login page
            print("Credentials: \(credentials)")
        }
    }

Attach the Access Token

To give the authenticated user access to secured resources in your API, include the user's access token in the requests you send to the API.

// ProfileViewController.swift

let token = "ACCESS_TOKEN" // Replace with the accessToken you stored after authentication
let url = URL(string: "your api url")! // Set to your Protected API URL
var request = URLRequest(url: url)

// Send the token in the Authorization header using the Bearer scheme
request.addValue("Bearer \(token)", forHTTPHeaderField: "Authorization")
let task = URLSession.shared.dataTask(with: request) { data, response, error in
    // Parse the response
}

Send the Request

Send the request you created:

// ProfileViewController.swift

task.resume() // Data tasks are created suspended; resume() starts the request
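The attach-and-send steps above can be wrapped in one helper that refuses to put the access token on a non-HTTPS URL and tells a rejected token apart from a missing scope. This is an added example, not code from the tutorial or from Auth0; the names `APIError`, `makeAuthorizedRequest`, `classify` and `callAPI` are hypothetical, and it assumes your API answers 401 for a rejected token and 403 for a token without the required scope, as bearer-token APIs conventionally do.

```swift
import Foundation

enum APIError: Error {
    case insecureURL      // refuse to send a bearer token over plain HTTP
    case missingToken     // no access token available for this user
    case unauthorized     // 401: token missing, expired or otherwise rejected
    case forbidden        // 403: token accepted but lacks the required scope
    case unexpected(Int)  // any other non-2xx status (-1: not an HTTP response)
    case transport(Error) // network-level failure
}

// Builds the request only for https URLs, so the token never travels in cleartext.
func makeAuthorizedRequest(url: URL, accessToken: String) throws -> URLRequest {
    guard url.scheme?.lowercased() == "https" else { throw APIError.insecureURL }
    guard !accessToken.isEmpty else { throw APIError.missingToken }
    var request = URLRequest(url: url)
    request.setValue("Bearer \(accessToken)", forHTTPHeaderField: "Authorization")
    return request
}

// Maps the outcome of the data task onto the errors above; nil means success.
func classify(response: URLResponse?, error: Error?) -> APIError? {
    if let error = error { return .transport(error) }
    guard let http = response as? HTTPURLResponse else { return .unexpected(-1) }
    switch http.statusCode {
    case 200..<300: return nil
    case 401: return .unauthorized   // re-authenticate or renew the token
    case 403: return .forbidden      // e.g. read:messages was not granted
    default: return .unexpected(http.statusCode)
    }
}

// Sends the request and hands back either the body or a classified error.
func callAPI(url: URL, accessToken: String,
             completion: @escaping (Data?, APIError?) -> Void) {
    do {
        let request = try makeAuthorizedRequest(url: url, accessToken: accessToken)
        URLSession.shared.dataTask(with: request) { data, response, error in
            let failure = classify(response: response, error: error)
            completion(failure == nil ? data : nil, failure)
        }.resume()
    } catch {
        completion(nil, error as? APIError)
    }
}
```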
