Creating a Client and Getting All Clients
Learn to create a client and get all clients using Auth0 API.
A client is an important component of the authentication process. A client makes a lot of things easier and encapsulates many low-level things at the same time. In this lesson, we'll see how we can create a client or an application and get a list of our clients using an API call.
We'll use the https://{{DOMAIN}}/api/v2/clients endpoint to achieve these tasks. Creating a client is a POST request, while getting all clients is a GET request.
Creating a client
Creating a client in Auth0 is crucial in establishing secure authentication and authorization for our application. In Auth0, a client represents an application or service that uses Auth0 for authentication and authorization. To create a client, we must provide an access token that has been granted the create:clients scope. This access token allows us to create and configure a client, enabling our application or service to authenticate and authorize users through Auth0 securely. The endpoint requires our access token to have create:clients scope.
Request parameters
Since this is a POST request, we have a list of parameters we pass as body parameters. Let's have a look at some important ones in the table below:
Parameter Name | Type | Category | Description |
| String | Required | Defines the name of the application. The length of this string should be at least one character. The |
| String | Optional | Defines the client's description with a maximum limit of 140 characters. |
| String | Optional | Takes a list of valid URLs that this application will use to redirect the user after logging in. In the case of multiple URLs, they are separated by a comma. |
| String | Optional | Defines a comma-separated list of supported grant types we want for this client. The following are some values that can be used:
|
| String | Optional | Defines the type of application. Auth0 supports majorly four types of applications, as mentioned below:
|
| String | Optional | Defines valid URLs in the form of a comma-separated list to redirect the users after they log out. |
| String | Required | Defines the rotation type of the refresh token if it is rotating or non-rotating. The |
| String | Required | Defines the expiration type of the refresh token. Its value can either be |
| Integer | Optional | Defines the time in seconds for which this refresh token remains valid. |
The following code creates a client and returns the client ID. Please click the “Save” button to use that ID in the upcoming lessons. Let's create a client in the code widget below:
// Importing libraries hereconst fetch = require('node-fetch');const endpointUrl = new URL('https://{{DOMAIN}}/api/v2/clients');const headerParameters = {'Content-Type': 'application/json','Authorization': 'Bearer {{ACCESS_TOKEN}}',}const bodyParameters = JSON.stringify({"name": "Sample Client","description": "A sample client created by an API call","callbacks": ["https://ed-6532034605875200.educative.run/callback"],"grant_types": ["client_credentials"],"app_type": "non_interactive",});const options = {method: 'POST',headers: headerParameters,body: bodyParameters,};async function createClient() {try {const response = await fetch(endpointUrl, options);printResponse(response);} catch (error) {printError(error);}}createClient();
Let’s look at the highlighted lines from the code shown above:
Line 4: We define the endpoint to create a client.
Lines 6–9: We define the
headerParametersobject, which tells the API call about the type of data we are sending and the access token.Lines 11–21: We define the
bodyParametersobject.Line 12: We define the
nameof our client.Line 13: We define the
descriptionof our client.Lines 14–16: We define the callback URL in
callbacks.Lines 17–19: We define grant types for our clients.
Line 20: We define our application type as
non_interactive, which means we are creating a machine-to-machine application that runs on the backend.
Lines 23–27: We define the
optionsobject used to pass data required to make an API call.Line 31: We make a
POSTrequest using thefetchfunction.Line 38: We invoke the
createClientfunction.
Response fields
The successful execution of the above code creates a new client and returns its details.
Name | Description |
| Gives the tenant name of this client. |
| Defines the unique identification of the client. |
| Defines the client's secret. This must be kept very carefully and should not be shared publically. It is recommended not to define |
| Defines the attributes related to the refresh token. We have seen some of them in the request parameters table. |
Getting all clients
Sometimes, we may need to retrieve all the available clients—this endpoint is useful in situations like these. In this section, we'll see how we can retrieve all the clients and which parameters can be used to filter the results. This operation requires our access token to have read:clients, read:client_keys scopes. Some fields can only be retrieved if the appropriate scope is granted, like encryption_key, encryption_key.pub, and client_secret, which are accessible via the read:client_keys scope.
Request parameters
This API call does not take body parameters but supports some query parameters to filter the response. Let's see these parameters in the table below:
Parameter Name | Type | Category | Description |
| String | Optional | Defines the fields we want to include or exclude in the response. It takes a comma-separated list of fields. |
| Boolean | Optional | Defines the inclusion and exclusion of the fields defined in the |
| Integer | Optional | Defines the page index from the result to be returned. The first page has an index of 0. |
| Integer | Optional | Defines the number of items on a single page. Its default value is 50, and the maximum value is 100. |
| Boolean | Optional | Returns the total count of users along with the result in an object. Its default value is |
| Boolean | Optional | Applies a filter on the |
| Boolean | Optional | Filters the clients based on their first-party and third-party status. A first-party client is a client owned and operated by the same organization as the Auth0 account. |
| String | Optional | Filters the client based on the mentioned application type. |
Next, let’s retrieve all clients listed under our Auth0 profile. Click the “Run” button to execute the code.
// Importing libraries hereconst fetch = require('node-fetch');const endpointUrl = new URL('https://{{DOMAIN}}/api/v2/clients');const headerParameters = {'Content-Type': 'application/json','Authorization': 'Bearer {{ACCESS_TOKEN}}',}// Define Query Parameters hereconst queryParameters = new URLSearchParams({include_totals: true,is_global: false,});const options = {method: 'GET',headers: headerParameters,};async function getAllClients() {try {endpointUrl.search = queryParameters;const response = await fetch(endpointUrl, options);printResponse(response);} catch (error) {printError(error);}}getAllClients();
Let’s look at the highlighted lines from the code shown above:
Line 4: We define
endpointUrlfor this API call.Lines 12–15: We define two query parameters that apply the filter on the response.
Line 24: We assign the query parameters defined in
queryParametertoendpointUrl.Line 25: We make a
GETrequest using thefetchfunction.Line 32: We invoke the
getAllClientsfunction.
Response fields
The successful execution of the above code returns all clients in a clients array along with some additional fields. Let's see them in the table below:
Response Field | Description |
| Shows the total count of clients. |
| Shows the starting page index of the response. |
| Shows the limit of items that can be displayed per page. |
| The array that contains all clients and the corresponding information. The fields of the array have been described earlier. |