Get Management API Access Tokens for Production (2024)

To make scheduled frequent calls for a production environment, you have to build a process at your backend that will provide you with a token automatically (and thus simulate a non-expiring token).

Prerequisites

Get access tokens

To ask Auth0 for a Management API v2 token, perform a POST operation to the https://{yourDomain}/oauth/token endpoint, using the credentials of the Machine-to-Machine Application you created in the prerequisite step.

The payload should be in the following format:

cURL
C#
Go
Java
Node.JS
Obj-C
...
- PHP
- Python
- Ruby
- Swift

curl --request POST \ --url 'https://{yourDomain}/oauth/token' \ --header 'content-type: application/x-www-form-urlencoded' \ --data grant_type=client_credentials \ --data 'client_id={yourClientId}' \ --data 'client_secret={yourClientSecret}' \ --data 'audience=https://{yourDomain}/api/v2/'

Was this helpful?

var client = new RestClient("https://{yourDomain}/oauth/token");var request = new RestRequest(Method.POST);request.AddHeader("content-type", "application/x-www-form-urlencoded");request.AddParameter("application/x-www-form-urlencoded", "grant_type=client_credentials&client_id={yourClientId}&client_secret=%7ByourClientSecret%7D&audience=https%3A%2F%2F{yourDomain}%2Fapi%2Fv2%2F", ParameterType.RequestBody);IRestResponse response = client.Execute(request);

Was this helpful?

package mainimport ("fmt""strings""net/http""io/ioutil")func main() {url := "https://{yourDomain}/oauth/token"payload := strings.NewReader("grant_type=client_credentials&client_id={yourClientId}&client_secret=%7ByourClientSecret%7D&audience=https%3A%2F%2F{yourDomain}%2Fapi%2Fv2%2F")req, _ := http.NewRequest("POST", url, payload)req.Header.Add("content-type", "application/x-www-form-urlencoded")res, _ := http.DefaultClient.Do(req)defer res.Body.Close()body, _ := ioutil.ReadAll(res.Body)fmt.Println(res)fmt.Println(string(body))}

Was this helpful?

HttpResponse<String> response = Unirest.post("https://{yourDomain}/oauth/token") .header("content-type", "application/x-www-form-urlencoded") .body("grant_type=client_credentials&client_id={yourClientId}&client_secret=%7ByourClientSecret%7D&audience=https%3A%2F%2F{yourDomain}%2Fapi%2Fv2%2F") .asString();

Was this helpful?

var axios = require("axios").default;var options = { method: 'POST', url: 'https://{yourDomain}/oauth/token', headers: {'content-type': 'application/x-www-form-urlencoded'}, data: new URLSearchParams({ grant_type: 'client_credentials', client_id: '{yourClientId}', client_secret: '{yourClientSecret}', audience: 'https://{yourDomain}/api/v2/' })};axios.request(options).then(function (response) { console.log(response.data);}).catch(function (error) { console.error(error);});

Was this helpful?

#import <Foundation/Foundation.h>NSDictionary *headers = @{ @"content-type": @"application/x-www-form-urlencoded" };NSMutableData *postData = [[NSMutableData alloc] initWithData:[@"grant_type=client_credentials" dataUsingEncoding:NSUTF8StringEncoding]];[postData appendData:[@"&client_id={yourClientId}" dataUsingEncoding:NSUTF8StringEncoding]];[postData appendData:[@"&client_secret={yourClientSecret}" dataUsingEncoding:NSUTF8StringEncoding]];[postData appendData:[@"&audience=https://{yourDomain}/api/v2/" dataUsingEncoding:NSUTF8StringEncoding]];NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://{yourDomain}/oauth/token"] cachePolicy:NSURLRequestUseProtocolCachePolicy timeoutInterval:10.0];[request setHTTPMethod:@"POST"];[request setAllHTTPHeaderFields:headers];[request setHTTPBody:postData];NSURLSession *session = [NSURLSession sharedSession];NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) { if (error) { NSLog(@"%@", error); } else { NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response; NSLog(@"%@", httpResponse); } }];[dataTask resume];

Was this helpful?

$curl = curl_init();curl_setopt_array($curl, [ CURLOPT_URL => "https://{yourDomain}/oauth/token", CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 30, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "POST", CURLOPT_POSTFIELDS => "grant_type=client_credentials&client_id={yourClientId}&client_secret=%7ByourClientSecret%7D&audience=https%3A%2F%2F{yourDomain}%2Fapi%2Fv2%2F", CURLOPT_HTTPHEADER => [ "content-type: application/x-www-form-urlencoded" ],]);$response = curl_exec($curl);$err = curl_error($curl);curl_close($curl);if ($err) { echo "cURL Error #:" . $err;} else { echo $response;}

Was this helpful?

import http.clientconn = http.client.HTTPSConnection("")payload = "grant_type=client_credentials&client_id={yourClientId}&client_secret=%7ByourClientSecret%7D&audience=https%3A%2F%2F{yourDomain}%2Fapi%2Fv2%2F"headers = { 'content-type': "application/x-www-form-urlencoded" }conn.request("POST", "/{yourDomain}/oauth/token", payload, headers)res = conn.getresponse()data = res.read()print(data.decode("utf-8"))

Was this helpful?

Request Parameter	Description
grant_type	Denotes which OAuth 2.0 flow you want to run. For machine to machine communication use the value `client_credentials`.
client_id	This is the value of the Client ID field of the Machine-to-Machine Application you created. You can find it on the Settings tab of your Application.
client_secret	This is the value of the Client Secret field of the Machine-to-Machine Application you created. You can find it at the Settings tab of your Application.
audience	This is the value of the Identifier field of the `Auth0 Management API`. You can find it at the Settings tab of the API.

Use Auth0's Node.js client library

As an alternative to making HTTP calls, you can use the node-auth0 library to automatically obtain tokens for the Management API.

Use access tokens

To use this token, include it in the Authorization header of your request.

cURL
C#
Go
Java
Node.JS
Obj-C
...
- PHP
- Python
- Ruby
- Swift

curl --request POST \ --url http:///%7BmgmtApiEndpoint%7D \ --header 'authorization: Bearer {yourMgmtApiAccessToken}' \ --header 'content-type: application/json'

Was this helpful?

var client = new RestClient("http:///%7BmgmtApiEndpoint%7D");var request = new RestRequest(Method.POST);request.AddHeader("content-type", "application/json");request.AddHeader("authorization", "Bearer {yourMgmtApiAccessToken}");IRestResponse response = client.Execute(request);

Was this helpful?

package mainimport ("fmt""net/http""io/ioutil")func main() {url := "http:///%7BmgmtApiEndpoint%7D"req, _ := http.NewRequest("POST", url, nil)req.Header.Add("content-type", "application/json")req.Header.Add("authorization", "Bearer {yourMgmtApiAccessToken}")res, _ := http.DefaultClient.Do(req)defer res.Body.Close()body, _ := ioutil.ReadAll(res.Body)fmt.Println(res)fmt.Println(string(body))}

Was this helpful?

HttpResponse<String> response = Unirest.post("http:///%7BmgmtApiEndpoint%7D") .header("content-type", "application/json") .header("authorization", "Bearer {yourMgmtApiAccessToken}") .asString();

Was this helpful?

var axios = require("axios").default;var options = { method: 'POST', url: 'http:///%7BmgmtApiEndpoint%7D', headers: { 'content-type': 'application/json', authorization: 'Bearer {yourMgmtApiAccessToken}' }};axios.request(options).then(function (response) { console.log(response.data);}).catch(function (error) { console.error(error);});

Was this helpful?

See Also

What is Microsoft Dataverse

#import <Foundation/Foundation.h>NSDictionary *headers = @{ @"content-type": @"application/json", @"authorization": @"Bearer {yourMgmtApiAccessToken}" };NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"http:///%7BmgmtApiEndpoint%7D"] cachePolicy:NSURLRequestUseProtocolCachePolicy timeoutInterval:10.0];[request setHTTPMethod:@"POST"];[request setAllHTTPHeaderFields:headers];NSURLSession *session = [NSURLSession sharedSession];NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) { if (error) { NSLog(@"%@", error); } else { NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response; NSLog(@"%@", httpResponse); } }];[dataTask resume];

Was this helpful?

$curl = curl_init();curl_setopt_array($curl, [ CURLOPT_URL => "http:///%7BmgmtApiEndpoint%7D", CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 30, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "POST", CURLOPT_HTTPHEADER => [ "authorization: Bearer {yourMgmtApiAccessToken}", "content-type: application/json" ],]);$response = curl_exec($curl);$err = curl_error($curl);curl_close($curl);if ($err) { echo "cURL Error #:" . $err;} else { echo $response;}

Was this helpful?

import http.clientconn = http.client.HTTPConnection("")headers = { 'content-type': "application/json", 'authorization': "Bearer {yourMgmtApiAccessToken}" }conn.request("POST", "%7BmgmtApiEndpoint%7D", headers=headers)res = conn.getresponse()data = res.read()print(data.decode("utf-8"))

Was this helpful?

require 'uri'require 'net/http'url = URI("http:///%7BmgmtApiEndpoint%7D")http = Net::HTTP.new(url.host, url.port)request = Net::HTTP::Post.new(url)request["content-type"] = 'application/json'request["authorization"] = 'Bearer {yourMgmtApiAccessToken}'response = http.request(request)puts response.read_body

Was this helpful?

import Foundationlet headers = [ "content-type": "application/json", "authorization": "Bearer {yourMgmtApiAccessToken}"]let request = NSMutableURLRequest(url: NSURL(string: "http:///%7BmgmtApiEndpoint%7D")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0)request.httpMethod = "POST"request.allHTTPHeaderFields = headerslet session = URLSession.sharedlet dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) }})dataTask.resume()

Was this helpful?

For example, in order to Get all applications use the following:

cURL
C#
Go
Java
Node.JS
Obj-C
...
- PHP
- Python
- Ruby
- Swift

curl --request GET \ --url 'https://{yourDomain}/api/v2/clients' \ --header 'authorization: Bearer {yourAccessToken}' \ --header 'content-type: application/json'

Was this helpful?

var client = new RestClient("https://{yourDomain}/api/v2/clients");var request = new RestRequest(Method.GET);request.AddHeader("content-type", "application/json");request.AddHeader("authorization", "Bearer {yourAccessToken}");IRestResponse response = client.Execute(request);

Was this helpful?

package mainimport ("fmt""net/http""io/ioutil")func main() {url := "https://{yourDomain}/api/v2/clients"req, _ := http.NewRequest("GET", url, nil)req.Header.Add("content-type", "application/json")req.Header.Add("authorization", "Bearer {yourAccessToken}")res, _ := http.DefaultClient.Do(req)defer res.Body.Close()body, _ := ioutil.ReadAll(res.Body)fmt.Println(res)fmt.Println(string(body))}

Was this helpful?

HttpResponse<String> response = Unirest.get("https://{yourDomain}/api/v2/clients") .header("content-type", "application/json") .header("authorization", "Bearer {yourAccessToken}") .asString();

Was this helpful?

var axios = require("axios").default;var options = { method: 'GET', url: 'https://{yourDomain}/api/v2/clients', headers: {'content-type': 'application/json', authorization: 'Bearer {yourAccessToken}'}};axios.request(options).then(function (response) { console.log(response.data);}).catch(function (error) { console.error(error);});

Was this helpful?

#import <Foundation/Foundation.h>NSDictionary *headers = @{ @"content-type": @"application/json", @"authorization": @"Bearer {yourAccessToken}" };NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://{yourDomain}/api/v2/clients"] cachePolicy:NSURLRequestUseProtocolCachePolicy timeoutInterval:10.0];[request setHTTPMethod:@"GET"];[request setAllHTTPHeaderFields:headers];NSURLSession *session = [NSURLSession sharedSession];NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) { if (error) { NSLog(@"%@", error); } else { NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response; NSLog(@"%@", httpResponse); } }];[dataTask resume];

Was this helpful?

$curl = curl_init();curl_setopt_array($curl, [ CURLOPT_URL => "https://{yourDomain}/api/v2/clients", CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 30, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "GET", CURLOPT_HTTPHEADER => [ "authorization: Bearer {yourAccessToken}", "content-type: application/json" ],]);$response = curl_exec($curl);$err = curl_error($curl);curl_close($curl);if ($err) { echo "cURL Error #:" . $err;} else { echo $response;}

Was this helpful?

import http.clientconn = http.client.HTTPSConnection("")headers = { 'content-type': "application/json", 'authorization': "Bearer {yourAccessToken}" }conn.request("GET", "/{yourDomain}/api/v2/clients", headers=headers)res = conn.getresponse()data = res.read()print(data.decode("utf-8"))

Was this helpful?

require 'uri'require 'net/http'require 'openssl'url = URI("https://{yourDomain}/api/v2/clients")http = Net::HTTP.new(url.host, url.port)http.use_ssl = truehttp.verify_mode = OpenSSL::SSL::VERIFY_NONErequest = Net::HTTP::Get.new(url)request["content-type"] = 'application/json'request["authorization"] = 'Bearer {yourAccessToken}'response = http.request(request)puts response.read_body

Was this helpful?

import Foundationlet headers = [ "content-type": "application/json", "authorization": "Bearer {yourAccessToken}"]let request = NSMutableURLRequest(url: NSURL(string: "https://{yourDomain}/api/v2/clients")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0)request.httpMethod = "GET"request.allHTTPHeaderFields = headerslet session = URLSession.sharedlet dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) }})dataTask.resume()

Was this helpful?

You can get the curl command for each endpoint from the Management API v2 Explorer. Go to the endpoint you want to call, and click the get curl command link at the Test this endpoint section.

Example: Python implementation

This python script gets a Management API v2 Access Token, uses it to call the Get all applications endpoint, and prints the response in the console.

Before you run it make sure that the following variables hold valid values:

AUDIENCE: The Identifier of the Auth0 Management API. You can find it at the Settings tab of the API.
DOMAIN: The Domain of the Machine-to-Machine Application you created.
CLIENT_ID: The Client ID of the Machine to Machine Application you created.
CLIENT_SECRET: The Client Secret of the Machine-to-Machine Application you created.

def main(): import json, requests from requests.exceptions import RequestException, HTTPError, URLRequired # Configuration Values domain = 'YOUR_DOMAIN' audience = f'https://{domain}/api/v2/' client_id = 'YOUR_CLIENT_ID' client_secret = 'YOUR_CLIENT_SECRET' grant_type = "client_credentials" # OAuth 2.0 flow to use # Get an Access Token from Auth0 base_url = f"https://{domain}" payload = { 'grant_type': grant_type, 'client_id': client_id, 'client_secret': client_secret, 'audience': audience } response = requests.post(f'{base_url}/oauth/token', data=payload) oauth = response.json() access_token = oauth.get('access_token') # Add the token to the Authorization header of the request headers = { 'Authorization': f'Bearer {access_token}', 'Content-Type': 'application/json' } # Get all Applications using the token try: res = requests.get(f'{base_url}/api/v2/clients', headers=headers) print(res.json()) except HTTPError as e: print(f'HTTPError: {str(e.code)} {str(e.reason)}') except URLRequired as e: print(f'URLRequired: {str(e.reason)}') except RequestException as e: print(f'RequestException: {e}') except Exception as e: print(f'Generic Exception: {e}')# Standard boilerplate to call the main() function.if __name__ == '__main__': main()

Was this helpful?

Learn more

Get Management API Access Tokens for Testing
Get Management API Access Tokens for Single-Page Applications
Applications in Auth0

Get Management API Access Tokens for Production (2024)

FAQs

How to get management API access token? ›

Get access tokens

To ask Auth0 for a Management API v2 token, perform a POST operation to the https://{yourDomain}/oauth/token endpoint, using the credentials of the Machine-to-Machine Application you created in the prerequisite step.

Read On ›

How do I get an API access token? ›

Navigate to the API access page in the admin UI (available at the URL /admin/api ). Use the navigation menu item "Configure" and select "API access". On the API access page, use the "New API token" button to navigate to the token creation form.

Discover More Details ›

What is a production API token? ›

You can create public and private keys or API tokens in either the production or sandbox environment. API tokens secure the communication between an app integration and your merchant account. You can use an API token to integrate online payments with your e-commerce website.

What is API token management? ›

Application programming interface (API) token management is a login authentication process that allows a computer user to access a range of third party applications in a unified and streamlined environment.

See Details ›

How do I get MDM tokens? ›

In the Device Enrollment Program section:

Click Manage Servers.
Open the MDM Server that has the managed devices.
When prompted, upload the public key you downloaded from the Admin console.
Download the server token from Apple.

Find Out More ›

How do you generate access tokens? ›

Get Access Tokens

To request an access token , make a POST call to the token URL.
When a user authenticates, you request an access token and include the target audience and scope of access in your request. ...
In only one specific instance, access tokens can have multiple target audiences.

More items...

Tell Me More ›

How do I generate a REST API token? ›

If you would like to regenerate the token, go to the User Edit form -> REST API Token tab. Click the "Regenerate Token" button. The system will generate a new token here.

Show Me More ›

Is API token the same as access token? ›

So, access token is equivalent to API Key. Whoever gets it, should have it secure similar like API Keys. And OAuth calls should be made via HTTPS similar to API Key based calls. Another advantage over OAuth is Authorization.

Explore More ›

How to generate API key token? ›

To generate an API key

Select Apps & Integrations. Navigate to the API Access tab and select Generate new access token. You must copy and store this key somewhere safe. For security reasons, it won't be visible again in your account settings.

How are API tokens typically generated? ›

An API token follows a set series of steps. First, the API verifies the username and password from the payload. Once these are verified, the API sends an asset to your browser to be stored. Then anytime you send a query to the API, the access token is sent along with it.

Show Me More ›

What is an API token example? ›

API tokens also carry the scope of access granted to a specific user. This allows the server to both authenticate requests of the calling user and validate the extent of API usage. For example, a user can use a single sign-on token to access a group of APIs.

Read The Full Story ›

How do I pass an API authentication token? ›

There are two ways to pass your API token to Dataverse Software APIs. The preferred method is to send the token in the X-Dataverse-key HTTP header, as in the following curl example. The second way to pass your API token is via a query parameter called key in the URL like below.

See Details ›

How to get API access token? ›

You use the client ID and one private key to create a signed JWT and construct an access-token request in the appropriate format. Your application then sends the token request to the Google OAuth 2.0 Authorization Server, which returns an access token. The application uses the token to access a Google API.

Get More Info Here ›

Where can I find an API token? ›

If you ever need your personal API key, it can be found under Settings > Personal preferences > API. If you cannot find your API token here, it may be that the permission set you are in does not have that permission enabled. You can learn more about permission sets in this article.

How to store API access token? ›

If your app needs to call APIs on behalf of the user, access tokens and (optionally) refresh tokens are needed. These can be stored server-side or in a session cookie. The cookie needs to be encrypted and have a maximum size of 4 KB.

How do I find my admin API access token? ›

To generate your access token:

Head to the tab 'API Credentials'.
Click on 'Install' in the "Access tokens" box.
Confirm the installation by clicking on 'Install' in the window that appears.
Now you will see your Admin API Access Token has been generated. Click on 'Reveal token once' and you will see the token.

View Details ›

How do I get an access token for API in MSAL? ›

The pattern for acquiring tokens for APIs with MSAL. js is to first attempt a silent token request by using the acquireTokenSilent method. When this method is called, the library first checks the cache in browser storage to see if a non-expired access token exists and returns it.

How to get contentful management API token? ›

API keys in the Contentful web app

Open the space that you want to access (the top left corner lists all spaces), and navigate to the Settings > API keys. Select the API keys option and create your first token.

Learn More ›

How do I get my FCM access token? ›

The FCM HTTP v1 API authorizes requests with a short-lived OAuth 2.0 access token. To mint this token, you can use Google Application Default Credentials (in Google server environments) and/or manually obtain the required credentials from a JSON private key file generated for a service account.

Discover More Details ›