Create and Authorize Machine-to-Machine Applications for Management API
The first time you get a token for the Management API is when you complete the configuration in the Auth0 Dashboard. You won't have to do this again unless you create a new tenant. We recommend that you create a token exclusively for authorizing access to the Management API instead of reusing another one you might have.
To create and authorize a Machine-to-Machine Application for the Management API:
Click Create & Authorize a Test Application. A new application has been created and is authorized to access the Management API.
The application created in the steps above has been granted all the Management API scopes. This means that it can access all endpoints.
Example: Get All Clients endpoint
The Get all clients endpoint requires the scopes
read:client_keys, while the Create an application endpoint requires the scope
create:clients. From that we can deduce that if we need to read _and_ create applications, then our token should include three scopes:
If you have multiple applications that should access the Management API, and you need different sets of scopes per app, we recommend creating a new machine-to-machine application for each one. For example, if one application is to read and create users (
read:users) and another to read and create applications (
read:clients) create two applications (one for user scopes, one for applications) instead of one.