Resource Servers (APIs) represent your APIs in Auth0. Use this resource to create, retrieve, update, and delete APIs, as well as manage their permissions (scopes).
Methods List Resource Servers Retrieve details of all APIs associated with your tenant.
func ( c * Client ) List ( ctx context . Context , request * management . ListResourceServerRequestParameters , opts ... option . RequestOption , ) ( * core . Page [ * int , * management . ResourceServer , * management . ListResourceServerOffsetPaginatedResponseContent ], error )
request
*management.ListResourceServerRequestParameters
Query parameters for filtering and pagination Page number. Zero-based. Defaults to 0
Number of results per page. Defaults to 50
Include total count. Defaults to true
ResourceServer
*management.ResourceServer
ID of the API (resource server)
Friendly name for this resource server
Unique identifier (audience) for the API
List of permissions (scopes) that this API uses
Signing algorithm used for tokens
Token expiration in seconds
Example ctx := context . Background () listRequest := & management . ListResourceServerRequestParameters { PerPage : management . Int ( 25 ), } apisPage , err := mgmt . ResourceServers . List ( ctx , listRequest ) if err != nil { log . Fatalf ( "Error listing resource servers: %v " , err ) } // Iterate through all APIs iterator := apisPage . Iterator () for iterator . Next ( ctx ) { api := iterator . Current () fmt . Printf ( "API: %s (Audience: %s ) \n " , api . GetName (), api . GetIdentifier (), ) } if iterator . Err () != nil { log . Fatalf ( "Error iterating: %v " , iterator . Err ()) }
Create Resource Server Create a new API associated with your tenant.
func ( c * Client ) Create ( ctx context . Context , request * management . CreateResourceServerRequestContent , opts ... option . RequestOption , ) ( * management . CreateResourceServerResponseContent , error )
request
*management.CreateResourceServerRequestContent
required
Friendly name for this resource server
Unique identifier (audience). Cannot be changed once set
List of permissions (scopes) for this API
Signing algorithm. Default is RS256
Token expiration in seconds. Default is 86400 (24 hours)
Whether refresh tokens can be issued
Example createRequest := & management . CreateResourceServerRequestContent { Name : "My API" , Identifier : "https://api.myapp.com" , Scopes : [] * management . ResourceServerScope { { Value : management . String ( "read:items" ), Description : management . String ( "Read items" ), }, { Value : management . String ( "write:items" ), Description : management . String ( "Create and update items" ), }, }, SigningAlg : management . SigningAlgorithmEnumRs256 . Ptr (), TokenLifetime : management . Int ( 86400 ), AllowOfflineAccess : management . Bool ( true ), } api , err := mgmt . ResourceServers . Create ( ctx , createRequest ) if err != nil { log . Fatalf ( "Error creating resource server: %v " , err ) } fmt . Printf ( "Created API: %s (ID: %s ) \n " , api . GetName (), api . GetID ())
All new APIs must be registered with Auth0 before they can be used in authorization flows.
Get Resource Server Retrieve API details with the given ID or audience.
func ( c * Client ) Get ( ctx context . Context , id string , request * management . GetResourceServerRequestParameters , opts ... option . RequestOption , ) ( * management . GetResourceServerResponseContent , error )
ID or audience of the resource server to retrieve
Example api , err := mgmt . ResourceServers . Get ( ctx , "https://api.myapp.com" , & management . GetResourceServerRequestParameters {}) if err != nil { log . Fatalf ( "Error retrieving resource server: %v " , err ) } fmt . Printf ( "API: %s \n " , api . GetName ()) fmt . Printf ( "Token Lifetime: %d seconds \n " , api . GetTokenLifetime ())
Update Resource Server Change an existing API setting by resource server ID or audience.
func ( c * Client ) Update ( ctx context . Context , id string , request * management . UpdateResourceServerRequestContent , opts ... option . RequestOption , ) ( * management . UpdateResourceServerResponseContent , error )
ID or audience of the resource server to update
request
*management.UpdateResourceServerRequestContent
required
Updated token expiration in seconds
Whether to allow refresh tokens
Example updateRequest := & management . UpdateResourceServerRequestContent { TokenLifetime : management . Int ( 7200 ), // 2 hours Scopes : [] * management . ResourceServerScope { { Value : management . String ( "read:items" ), Description : management . String ( "Read items" ), }, { Value : management . String ( "write:items" ), Description : management . String ( "Create and update items" ), }, { Value : management . String ( "delete:items" ), Description : management . String ( "Delete items" ), }, }, } updatedAPI , err := mgmt . ResourceServers . Update ( ctx , "https://api.myapp.com" , updateRequest ) if err != nil { log . Fatalf ( "Error updating resource server: %v " , err ) } fmt . Printf ( "Updated API: %s \n " , updatedAPI . GetName ())
Delete Resource Server Delete an existing API by ID or audience.
func ( c * Client ) Delete ( ctx context . Context , id string , opts ... option . RequestOption , ) error
ID or audience of the resource server to delete
Example err := mgmt . ResourceServers . Delete ( ctx , "https://api.myapp.com" ) if err != nil { log . Fatalf ( "Error deleting resource server: %v " , err ) } fmt . Println ( "API deleted successfully" )
Signing Algorithms Supported signing algorithms:
const ( SigningAlgorithmEnumRs256 SigningAlgorithmEnum = "RS256" SigningAlgorithmEnumHs256 SigningAlgorithmEnum = "HS256" )
Best Practices
Token Lifetimes Set appropriate token lifetimes based on your security requirements. Shorter lifetimes are more secure but may require more frequent token refreshes.
Scopes Design Design granular scopes that represent specific permissions. This enables fine-grained access control in your applications.
Audience Value Use a meaningful URL as the audience identifier. This helps identify the API and cannot be changed after creation.