Learn how to get Access Tokens to make scheduled frequent calls to the Management API.
To make scheduled frequent calls for a production environment, you have to build a process at your backend that will provide you with a token automatically (and thus simulate a non-expiring token).
To ask Auth0 for a v2 token, perform a POST operation to the https://{yourDomain}/oauth/token endpoint, using the credentials of the Machine-to-Machine Application you created in the prerequisite step. The payload should be in the following format:
grant_type
Denotes which OAuth 2.0 flow you want to run. For machine-to-machine communication use the value client_credentials.
client_id
This is the value of the Client ID field of the Machine-to-Machine Application you created. You can find it on the Settings tab of your Application.
client_secret
This is the value of the Client Secret field of the Machine-to-Machine Application you created. You can find it at the Settings tab of your Application.
audience
This is the value of the Identifier field of the Auth0 Management API. You can find it at the Settings tab of the API.
Use the update:client_grants and create:client_grants scopes with only high-privileged applications, as they allow the client to grant further permissions to itself.
The response will contain a signed JWT, an expiration time, the scopes granted, and the token type.
From the above, we can see that our Access Token will expire in 24 hours (86400 seconds), it has been authorized to read and create applications, and it is a Bearer Access Token.
You can get the curl command for each endpoint from the Management API v2 Explorer. Go to the endpoint you want to call, and click the get curl command link at the Test this endpoint section.
This Python script gets a Management API v2 Access Token, uses it to call the Get all applications endpoint, and prints the response in the console. Before you run it, make sure that the following variables hold valid values:
AUDIENCE: The Identifier of the Auth0 Management API. You can find it at the Settings tab of the API.
DOMAIN: The Domain of the Machine-to-Machine Application you created.
CLIENT_ID: The Client ID of the Machine-to-Machine Application you created.
CLIENT_SECRET: The Client Secret of the Machine-to-Machine Application you created.
```python
import requests
from requests.exceptions import RequestException, HTTPError, URLRequired


def main():
    # Configuration Values
    domain = 'YOUR_DOMAIN'
    audience = f'https://{domain}/api/v2/'
    client_id = 'YOUR_CLIENT_ID'
    client_secret = 'YOUR_CLIENT_SECRET'
    grant_type = "client_credentials"  # OAuth 2.0 flow to use

    base_url = f"https://{domain}"
    payload = {
        'grant_type': grant_type,
        'client_id': client_id,
        'client_secret': client_secret,
        'audience': audience
    }

    try:
        # Get an Access Token from Auth0; raise_for_status() turns a 4xx/5xx
        # reply into an HTTPError instead of continuing with no token
        response = requests.post(f'{base_url}/oauth/token', data=payload, timeout=10)
        response.raise_for_status()
        oauth = response.json()
        access_token = oauth.get('access_token')

        # Add the token to the Authorization header of the request
        headers = {
            'Authorization': f'Bearer {access_token}',
            'Content-Type': 'application/json'
        }

        # Get all Applications using the token
        res = requests.get(f'{base_url}/api/v2/clients', headers=headers, timeout=10)
        res.raise_for_status()
        print(res.json())
    except HTTPError as e:
        # requests exposes the status on e.response, not on the exception itself
        print(f'HTTPError: {e.response.status_code} {e.response.reason}')
    except URLRequired as e:
        print(f'URLRequired: {e}')
    except RequestException as e:
        print(f'RequestException: {e}')
    except Exception as e:
        print(f'Generic Exception: {e}')


# Standard boilerplate to call the main() function.
if __name__ == '__main__':
    main()
```
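The backend process described at the top of this page, sketched as an added example (not Auth0's own code): it reuses one token and requests a new one only shortly before the expiration time in the response elapses. The class name `ManagementTokenCache`, the `skew`, `fetch` and `clock` parameters and the 60-second margin are assumptions, and it uses the standard library's `urllib` in place of `requests`.

```python
import json
import threading
import time
import urllib.parse
import urllib.request


class ManagementTokenCache:
    """Reuse one Management API token and renew it shortly before it expires."""

    def __init__(self, domain, client_id, client_secret, skew=60,
                 fetch=None, clock=time.monotonic):
        self._domain = domain
        self._client_id = client_id
        self._client_secret = client_secret
        self._skew = skew  # seconds before expiry at which to renew (assumed value)
        self._fetch = fetch or self._request_token  # injectable for offline tests
        self._clock = clock
        self._lock = threading.Lock()  # one renewal at a time across threads
        self._token = None
        self._expires_at = 0.0

    def _request_token(self):
        # The client_credentials request described on this page, form-encoded.
        form = urllib.parse.urlencode({
            "grant_type": "client_credentials",
            "client_id": self._client_id,
            "client_secret": self._client_secret,
            "audience": f"https://{self._domain}/api/v2/",
        }).encode()
        url = f"https://{self._domain}/oauth/token"
        with urllib.request.urlopen(url, data=form, timeout=10) as resp:
            return json.load(resp)

    def get(self):
        """Return a usable token; call /oauth/token only when the cached one is stale."""
        with self._lock:
            if self._token is None or self._clock() >= self._expires_at:
                body = self._fetch()
                token, ttl = body.get("access_token"), body.get("expires_in")
                if not token or not isinstance(ttl, int) or ttl <= self._skew:
                    # Fail closed; never log the body, it may contain the token.
                    raise RuntimeError("unusable token response")
                self._token = token
                self._expires_at = self._clock() + ttl - self._skew
            return self._token
```

Create one instance per process and call `get()` before each Management API request; load the client secret from the environment or a secret store rather than from source code.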