APIs
Add API Permissions
You can add permissions to an API using the Auth0 Dashboard or the Management API.
By default, any user of any application can ask for any permission defined here. You can implement access policies to limit this behavior via rules.
When adding or updating scopes, Management API requires that you pass all scopes you would to include. If any of the existing scopes are not passed, they will be removed.
Use the Dashboard
-
Go to Dashboard > Applications > APIs and click the name of the API to view.
-
Go to the Permissions tab and enter a permission name and description for the permission you want to add. Be sure not to use any reserved permission names (see Reserved names section).
- Click Add. Remember that individual Applications may need permissions and/or scopes updated to interact properly with the API.
Use the Management API
Patching the permissions with an empty object removes the permissions completely. Make aPATCH call to the Update Resource Server endpoint. Be sure to replace API_ID, MGMT_API_ACCESS_TOKEN, PERMISSION_NAME, and PERMISSION_DESC placeholder values with your API ID, Management API Access Token, permission name(s), and permission description(s), respectively. Be sure not to use any reserved permission names (see Reserved names section).
| Value | Description |
|---|---|
API_ID | ID of the API for which you want to delete permissions. |
MGMT_API_ACCESS_TOKEN | Access Token for the Management API with the scope update:resource_servers. |
PERMISSION_NAME | Name(s) of the permission(s) you want to keep for the specified API. |
PERMISSION_DESC | User-friendly description(s) of the permission(s) you want to keep for the specified API. |
Reserved names
The following permission names are reserved and cannot be set as custom API permissions:- address
- created_at
- email_verified
- family_name
- given_name
- identities
- name
- nickname
- offline_access
- openid
- phone
- picture
- profile