Management API Access Tokens

To call the Auth0 Management API v2 endpoints, you need to authenticate with an access token called the Auth0 Management API token. These tokens are JSON Web Tokens (JWTs) which contain specific grant permissions known as scopes.

Get Management API tokens

The first time you get a Management API token is when you authorize a machine-to-machine application in the Dashboard. You won't have to do this again unless you create a new tenant. Auth0 recommends that you create a token exclusively for authorizing access to the Management API instead of reusing another one you might have.

Depending on what you are using the Management API for, there are different ways to get Management API tokens:

  • Testing: You can get a token manually using the Auth0 Dashboard for testing purposes.

  • Production: Auth0 recommends that you get a short-lived token programmatically for production.

  • Single page applications (SPAs): Because SPAs are public clients and cannot securely store sensitive information, they must retrieve Management API tokens from the frontend, unlike other application types. There are some limitations.

Token lifetime

A Management API token is valid for 24 hours. Create a new access token when the old one expires.
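The following is an added example, not Auth0's own code, showing one way a backend service can reuse a token until shortly before it expires and then request a new one, checking the granted scopes each time. It assumes the token is a JWT with a standard `exp` claim and a space-delimited `scope` claim; `fetch_token` is a hypothetical callable standing in for your programmatic token request, and `make_sample_token` builds constructed, unsigned sample tokens so the example runs offline.

```python
import base64
import json
import time


def jwt_claims(token):
    """Decode (without verifying) the payload of a JWT this client was issued."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


class ManagementTokenCache:
    """Reuse one token until shortly before its exp claim, then request a new one."""

    def __init__(self, fetch_token, required_scopes=(), skew=60, clock=time.time):
        self._fetch = fetch_token          # hypothetical callable returning a JWT string
        self._required = set(required_scopes)
        self._skew = skew                  # seconds of safety margin before exp
        self._clock = clock
        self._token, self._exp = None, 0

    def get(self):
        if self._token is None or self._clock() >= self._exp - self._skew:
            token = self._fetch()
            claims = jwt_claims(token)
            # Assumption: scopes arrive as a space-delimited "scope" claim.
            missing = self._required - set(claims.get("scope", "").split())
            if missing:
                raise PermissionError(f"token lacks scopes: {sorted(missing)}")
            self._token, self._exp = token, int(claims["exp"])
        return self._token


def make_sample_token(exp, scope):
    """Constructed, unsigned stand-in for an issued token (demo only)."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{b64({'typ': 'JWT'})}.{b64({'exp': exp, 'scope': scope})}.sig"


if __name__ == "__main__":
    now, issued = [1_700_000_000], []
    def fake_fetch():
        issued.append(make_sample_token(now[0] + 86400, "read:users"))
        return issued[-1]
    cache = ManagementTokenCache(fake_fetch, ["read:users"], clock=lambda: now[0])
    cache.get(); cache.get()        # second call is served from the cache
    now[0] += 86400 - 30            # inside the 60 s margin of the 24 h lifetime
    cache.get()
    print(len(issued), "tokens requested")
```

Because a Management API token cannot be revoked, keep the cached token in process memory only and keep it out of logs.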

Token security

When using the token for testing purposes, you can change the expiration time; however, Auth0 recommends that you use short-lived tokens to minimize security risks. You cannot renew or revoke a Management API token.

  • Compromised client secret: If your client secret has been compromised, you can rotate the client secret using the Management API /post_rotate_secret endpoint or by clicking the Rotate icon in the application's settings in the Dashboard.

Token quotas

Tokens issued for Auth0 APIs (Management API, Authentication API, MFA API, etc.) do not count toward the M2M token quota listed in the Dashboard. Only tokens with external audiences count toward your quota. See Auth0 Management API Rate Limits for details.

Token quota limits are broken down by subscription tier. See Auth0 Pricing for details. You can access your current quota in the Auth0 Support Center. If you have questions about pricing or quotas, please direct them to our sales team.
