Create API key
Provisions an Auth0 application and returns the client credentials.
Key types:
m2m(default) — Machine-to-Machine, usesclient_credentialsgrant. Suitable for server-side integrations. Returnsclient_id+client_secret. The secret is shown only once — store it securely.application— Browser SPA, uses Authorization Code + PKCE. Users authenticate via Auth0 Universal Login; effective scopes =user.permissions ∩ key.permissions. Read-only — all permissions must start withread:. Returnsclient_idonly (no secret). Requiresallowed_originsandallowed_callback_urls.
Calling the API with the created M2M key: subsequent API requests must include an Authorization bearer token (obtained by exchanging the key’s client_id + client_secret at the Auth0 token endpoint) and X-Client-Id set to the issued client_id. Application (SPA) keys use Authorization Code + PKCE instead — see the Authentication guide.
Authorizations
OAuth2 client-credentials flow against the Dealroom Auth0 tenant. Use the client_id / client_secret from a Programmatic API key. Tokens are valid for 24h — Swagger UI will reuse the same token across operations.
Body
- Option 1
- Option 2
Programmatic key using client_credentials grant — server-side only.
m2m "m2m"
A human-readable name for the API key
1 - 100"Production integration"
Permissions to grant (must be a subset of your own)
1["read:entities", "read:investors"]Response
API key created