Management API Access Tokens
To call the Auth0 Management API v2 endpoints, you need to authenticate with an access token called the Auth0 Management API token. These tokens are JSON Web Tokens (JWTs) which contain specific grant permissions known as scopes.
Get Management API tokens
The first time you get a Management API token is when you create and authorize a machine-to-machine application in the Dashboard. You won't have to do this again unless you create a new tenant. Auth0 recommends that you create a token exclusively for authorizing access to the Management API instead of reusing another one you might have.
Depending on what you are using the Management API for, there are different ways to get Management API tokens:
Production: Auth0 recommends that you get a short-lived token programmatically for production.
Single page applications (SPAs): Because SPAs are public clients and cannot securely store sensitive information, they must retrieve Management API tokens from the frontend, unlike other application types. There are some limitations.
A Management API token is valid for 24 hours. Create a new access token when the old one expires.
When using the token for testing purposes, you can change the expiration time; however, Auth0 recommends that you use short-lived tokens to minimize security risks. You cannot renew or revoke a Management API token.
Compromised token: If a token has been compromised, you can prevent new tokens from being issued by deleting the application grant, either with the Management API /delete_client_grants_by_id endpoint or by manually deauthorizing the API application in the Dashboard.
Compromised client secret: If your client secret has been compromised, you can rotate the client secret using the Management API /post_rotate_secret endpoint or by clicking the Rotate icon in the application's settings in the Dashboard.
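Because a Management API token cannot be revoked, it is worth checking its lifetime and scopes before it is put to use. The following is an added example, not Auth0 code: it decodes a token's claims for inspection only (no signature verification) and reports scopes beyond what the caller needs and lifetimes above a policy limit. The function names, the policy values, the sample token and the assumption that scopes arrive as a space-separated scope claim alongside iat and exp are all assumptions of this example.

```python
import base64
import json

DAY = 24 * 60 * 60  # validity of a Management API token as stated on this page


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(token: str) -> dict:
    """Return the JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_token(token: str, needed_scopes: set, max_lifetime: int, now: int) -> list:
    """List policy findings for a token; an empty list means it passes."""
    claims = decode_claims(token)
    findings = []
    granted = set(claims.get("scope", "").split())
    extra = sorted(granted - needed_scopes)
    if extra:
        findings.append("excess scopes: " + " ".join(extra))
    iat, exp = claims.get("iat"), claims.get("exp")
    if not isinstance(iat, int) or not isinstance(exp, int):
        findings.append("missing iat/exp claim")
        return findings
    if exp - iat > max_lifetime:
        findings.append(f"lifetime {exp - iat}s exceeds policy {max_lifetime}s")
    if exp <= now:
        findings.append("token expired")
    return findings


# Constructed sample: placeholder tenant, fake signature, 24-hour lifetime.
_claims = {"aud": "https://tenant.example.com/api/v2/", "iat": 1700000000,
           "exp": 1700000000 + DAY,
           "scope": "read:users delete:users read:client_grants"}
SAMPLE = ".".join([b64url(b'{"alg":"RS256","typ":"JWT"}'),
                   b64url(json.dumps(_claims).encode()),
                   b64url(b"not-a-real-signature")])

if __name__ == "__main__":
    # A caller that only needs read:users and a one-hour token policy.
    for finding in audit_token(SAMPLE, {"read:users"}, 3600, now=1700000600):
        print(finding)
```

This check only inspects claims; it does not establish that a token is genuine, which requires verifying the signature.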
Tokens issued for Auth0 APIs (Management API, Authentication API, MFA API, etc.) do not count toward the M2M token quota listed in the Dashboard. Only tokens with external audiences count toward your quota. See Auth0 Management API Rate Limits for details.
Token quota limits are broken down by subscription tier. See Auth0 Pricing for details. You can access your current quota in the Auth0 Support Center. If you have questions about pricing or quotas, please direct them to our sales team.