Register APIs

  1. Go to Dashboard > Applications > APIs, and select + Create API.

    Dashboard Applications APIs Create API Screen

  2. Provide the following information for your API, and click Create:

    Field Description Example
    Name A friendly name for the API. Does not affect any functionality. yourDomain
    Identifier A unique identifier for the API. Auth0 recommends using a URL. Auth0 does differentiate between URLs that include the last forward slash. For example, https://example.com and https://example.com/ are two different identifiers. The URL does not have to be a publicly available URL. Auth0 will not call your API. This value cannot be modified afterwards. https://{yourDomain}
    JSON Web Token (JWT) Profile The profile determines the format of the access tokens issued for the API. The available values are Auth0 and RFC 9068. To learn more, read Access Token Profiles. access_token
    JSON Web Token (JWT) Signing Algorithm The algorithm to sign the access tokens with. The available values are HS256, PS256, RS256. If you select RS256, the token will be signed with the tenant's private key. HS256

  3. Make the implementation changes to your API that are described in the QuickStart. These changes consist of choosing a JWT library from a predefined list and configuring this library to validate the access tokens in your API.

    Dashboard - Applications - APIs - Quickstart

The other available Dashboard views for your API are:

  • Settings: Lists the settings for your API. Some are editable. Here you can change the token expiration time and enable offline access (this way Auth0 will allow your applications to ask for refresh tokens for this API).

  • Scopes: Define the scopes for this API by setting a name and a description.

  • Machine to Machine Applications: Lists all applications for which the Client Credentials grant is enabled. By default, this grant is enabled for regular web applications and machine-to-machine applications. You can authorize any of these applications to request access tokens for your API. Optionally, you can select a subset of the defined scopes to limit your authorized application's access.

  • Test: Execute a sample client credentials flow with any of your authorized applications to check that everything is working as expected.

Learn more