Auth0 API

Resource Servers

resource_servers

Methods

Create A Resource Server -> { id, allow_offline_access, authorization_details, 15 more... }
post/resource-servers

Create a new API associated with your tenant. Note that all new APIs must be registered with Auth0. For more information, read APIs.

Delete A Resource Server ->
delete/resource-servers/{id}

Delete an existing API by ID. For more information, read API Settings.

Get Resource Servers -> ResourceServersPageNumberPage<{ id, allow_offline_access, authorization_details, 15 more... }>
get/resource-servers

Retrieve details of all APIs associated with your tenant.

Get A Resource Server -> { id, allow_offline_access, authorization_details, 15 more... }
get/resource-servers/{id}

Retrieve API details with the given ID.

Update A Resource Server -> { id, allow_offline_access, authorization_details, 15 more... }
patch/resource-servers/{id}

Change an existing API setting by resource server ID. For more information, read API Settings.

Security

Example: Authorization: Bearer My Bearer Token

Parameters
id: string
Response fields
id: string
Optional

ID of the API (resource server).

allow_offline_access: boolean
Optional

Whether refresh tokens can be issued for this API (true) or not (false).

authorization_details: Array<unknown>
Optional
client: unknown
Optional
consent_policy: "transactional-authorization-with-mfa"
Optional
enforce_policies: boolean
Optional

Whether authorization polices are enforced (true) or unenforced (false).

identifier: string
Optional

Unique identifier for the API used as the audience parameter on authorization calls. Can not be changed once set.

is_system: boolean
Optional

Whether this is an Auth0 system API (true) or a custom API (false).

name: string
Optional

Friendly name for this resource server. Can not contain < or > characters.

proof_of_possession: { mechanism, required }
Optional

Proof-of-Possession configuration for access tokens

scopes: Array<{ value, description }>
Optional

List of permissions (scopes) that this API uses.

signing_alg: "HS256" | "RS256" | "RS512" | 1 more...
Optional

Algorithm used to sign JWTs. Can be HS256 or RS256. PS256 available via addon.

signing_secret: string
Optional
(minLength: 16)

Secret used to sign tokens when using symmetric algorithms (HS256).

skip_consent_for_verifiable_first_party_clients: boolean
Optional

Whether to skip user consent for applications flagged as first party (true) or not (false).

token_dialect: "access_token" | "access_token_authz" | "rfc9068_profile" | 1 more...
Optional

Dialect of access tokens that should be issued. access_token is a JWT containing standard Auth0 claims; rfc9068_profile is a JWT conforming to the IETF JWT Access Token Profile. access_token_authz and rfc9068_profile_authz additionally include RBAC permissions claims.

token_encryption: { encryption_key, format }
Optional
token_lifetime: number
Optional

Expiration value (in seconds) for access tokens issued for this API from the token endpoint.

token_lifetime_for_web: number
Optional

Expiration value (in seconds) for access tokens issued for this API via Implicit or Hybrid Flows. Cannot be greater than the token_lifetime value.

Request example
200Example