Management API Access Tokens
To call the Auth0 Management API, you must provide an access token that contains the appropriate audience and scopes.
Audience
The audience value for the Management API is https://{yourDomain}/api/v2/.
Scopes
Each Management API endpoint requires a specific set of scopes. Refer to the Management API Explorer for more information.
Lifetime
The default token lifetime for the Management API is 86,400 seconds (24 hours).
You can configure the token lifetime for each API individually.
Security
Access token: Once issued, an access token cannot be revoked. Auth0 recommends that you restrict the lifetime of your access tokens to the shortest value your use case allows.
Refresh token: You can revoke a refresh token using the Dashboard, the Authentication API, or the Management API.
Client secret: You can rotate an application's client secret using the Dashboard or the Management API.
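The following added example (not Auth0's own code) audits a Management API access token against the audience, scope, and lifetime points above by decoding its JWT claims. It assumes the token is a JWT with a space-separated scope claim; the tenant domain, scope allowlist, and sample token are constructed placeholders, and the decode step does not verify the signature, so it is for auditing only.

```python
import base64
import json

DEFAULT_LIFETIME = 86400  # seconds; the Management API default stated on this page


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (audit use only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def audit_token(token, domain, allowed_scopes, max_lifetime=DEFAULT_LIFETIME):
    """Return policy findings; an empty list means the token fits the policy."""
    claims = decode_claims(token)
    findings = []
    expected_aud = f"https://{domain}/api/v2/"
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud  # aud may be a string or a list
    if expected_aud not in aud:
        findings.append(f"audience {aud} does not include {expected_aud}")
    extra = set(claims.get("scope", "").split()) - set(allowed_scopes)
    if extra:
        findings.append(f"scopes beyond allowlist: {sorted(extra)}")
    lifetime = claims.get("exp", 0) - claims.get("iat", 0)
    if lifetime > max_lifetime:
        findings.append(f"lifetime {lifetime}s exceeds policy of {max_lifetime}s")
    return findings


def exposure_seconds(token, now):
    """Seconds a leaked copy stays usable, since the token cannot be revoked."""
    return max(0, decode_claims(token).get("exp", 0) - now)


# Constructed sample token: placeholder tenant, fake signature, 24-hour lifetime.
_claims = {"aud": "https://tenant.example.com/api/v2/", "iat": 1700000000,
           "exp": 1700086400, "scope": "read:users delete:users"}
SAMPLE = ".".join([_b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode()),
                   _b64url(json.dumps(_claims).encode()), "constructed-signature"])

if __name__ == "__main__":
    for finding in audit_token(SAMPLE, "tenant.example.com", {"read:users"}, 3600):
        print(finding)
    print("exposure:", exposure_seconds(SAMPLE, now=1700000600), "seconds")
```

Because an issued access token cannot be revoked, the exposure figure is the window in which a leaked copy remains usable.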
Quota
Token quotas are determined by subscription tier. You can review your current quota in the Auth0 Support Center. If you have questions about pricing or quotas, please contact our sales team.
Tokens issued for internal Auth0 audiences do not count toward your quota.
Tokens issued for custom audiences count toward your quota and are subject to Auth0 Management API Rate Limits.