Skip to main content

How to get your API keys

Auth0 Fine Grained Authorization (FGA) is the early-stage product we are building at Auth0 to solve fine-grained authorization at scale. Sign up for the Developer Community Preview to try it out, and join our Discord community if you are interested in learning more about our plans.

Please note that at this point in time, it is not considered production-ready and does not come with any SLAs; availability and uptime are not guaranteed. Limitations of Auth0 FGA during the Developer Community Preview can be found here.

This section will illustrate how to get your Auth0 FGA API keys to call the API.

Before you start

You must have an Auth0 FGA account. You can sign up for one on the Auth0 FGA dashboard.

Sign up here if you need to obtain an account. Contact us at Discord for further information.

Step by Step

When using the Auth0 FGA SDKs or calling the API you will need:

  • A Store ID
  • A Client ID (not needed for the Playground environment)
  • A Client Secret (not needed for the Playground environment)

Also in order to call the API and exchange your Client ID and Secret with a Bearer Token (Not needed for the Playground Environment), you will need the following:

# For the Developer Community Preview

# For the Playground

In order to get your Store ID and your API keys, follow the steps below:

Management Dashboard (DCP)

01. Settings page

To obtain your API keys, select "Settings" from the Dashboard's sidebar menu.

Image showing Auth0 FGA settings page

02. Setting Auth0 FGA environment variable

For the developer preview, when using the SDKs either keep the environment variable FGA_ENVIRONMENT empty or set it to us.

03. Obtain store ID

The Store ID is available in the Store Settings section. Store this value in FGA_STORE_ID environment variable.

Image showing Auth0 FGA settings page

04. Create credentials and obtain client secret

  1. If you do not have the client secret, you will be presented with the Create Credentials button. Click this Create Credentials button. Otherwise if you already have the client secret, you may proceed to Step 05. Obtain client ID.

    Image showing Auth0 FGA settings page click create credential

  1. Enter the credential name in the provided text box. This credential name is used to easily identify your credentials in the future. Click Submit button when done.

    Image showing Auth0 FGA credential name page

  2. A popup window will be presented with the client secret in the Secret text box. Copy this value and store it in the FGA_CLIENT_SECRET environment variable. Click Confirm once you have saved this value in a secure location.

    Image showing Auth0 FGA credential secret popup


The client secret will need to be regenerated by clicking the if it is lost or compromised in any way.

05. Obtain client ID

Once the client secret is generated, the client ID is available in the API Credentials panel's ID text box. Save this value in the FGA_CLIENT_ID environment variable.

Image showing Auth0 FGA client ID

06. Obtain bearer token

If the API is to be invoked via the API Docs viewer or directly instead of through SDKs, you will need to obtain access token for use in later steps:

# Not needed when calling the Playground API
curl -X POST \ \
-H 'content-type: application/json' \
-d '{"client_id":"'$FGA_CLIENT_ID'","client_secret":"'$FGA_CLIENT_SECRET'","audience":"","grant_type":"client_credentials"}'

# The response will be returned in the form
# {
# "access_token": "eyJ...Ggg",
# "expires_in": 86400,
# "scope": "read:tuples write:tuples check:tuples ... write:authorization-models",
# "token_type": "Bearer"
# }
# Store this `access_token` value in environment variable `FGA_BEARER_TOKEN`

# For non-playground environment
# For playground environment
Auth0 FGA Dashboard

Introduction to the Auth0 FGA Dashboard.

Have Feedback?

Join us on the Discord community if you have any questions or suggestions.