How to get your API keys
note
Please note that at this point in time, it is not considered production-ready and does not come with any SLAs; availability and uptime are not guaranteed. Limitations of Auth0 FGA during the Developer Community Preview can be found here.
This section will illustrate how to get your Auth0 FGA API keys to call the API.
Before you start
You must have an Auth0 FGA account. You can sign up for one on the Auth0 FGA dashboard.
Sign up here if you need to obtain an account. Contact us at Discord for further information.
Step by Step
When using the Auth0 FGA SDKs or calling the API you will need:
- A Store ID
- A Client ID (not needed for the Playground environment)
- A Client Secret (not needed for the Playground environment)
Also in order to call the API and exchange your Client ID and Secret with a Bearer Token (Not needed for the Playground Environment), you will need the following:
# For the Developer Community Preview
# * FGA_API_URL: https://api.us1.fga.dev
# * FGA_TOKEN_ISSUER_URL: https://fga.us.auth0.com/oauth/token
# * FGA_API_AUDIENCE: https://api.us1.fga.dev/
# For the Playground
# * FGA_API_URL: https://api.playground.fga.dev
In order to get your Store ID and your API keys, follow the steps below:
- Management Dashboard (Production)
- Playground
Management Dashboard (DCP)
01. Settings page
To obtain your API keys, select "Settings" from the Dashboard's sidebar menu.
02. Setting Auth0 FGA environment variable
For the developer preview, when using the SDKs either keep the environment variable FGA_ENVIRONMENT
empty or set it to us
.
03. Obtain store ID
The Store ID is available in the Store Settings section. Store this value in FGA_STORE_ID
environment variable.
04. Create credentials and obtain client secret
If you do not have the client secret, you will be presented with the Create Credentials button. Click this Create Credentials button. Otherwise if you already have the client secret, you may proceed to Step 05. Obtain client ID.
Enter the credential name in the provided text box. This credential name is used to easily identify your credentials in the future. Click Submit button when done.
A popup window will be presented with the client secret in the Secret text box. Copy this value and store it in the
FGA_CLIENT_SECRET
environment variable. Click Confirm once you have saved this value in a secure location.
note
The client secret will need to be regenerated by clicking the if it is lost or compromised in any way.
05. Obtain client ID
Once the client secret is generated, the client ID is available in the API Credentials panel's ID text box. Save this value in the FGA_CLIENT_ID
environment variable.
06. Obtain bearer token
If the API is to be invoked via the API Docs viewer or directly instead of through SDKs, you will need to obtain access token for use in later steps:
# Not needed when calling the Playground API
curl -X POST \
https://fga.us.auth0.com/oauth/token \
-H 'content-type: application/json' \
-d '{"client_id":"'$FGA_CLIENT_ID'","client_secret":"'$FGA_CLIENT_SECRET'","audience":"https://api.us1.fga.dev/","grant_type":"client_credentials"}'
# The response will be returned in the form
# {
# "access_token": "eyJ...Ggg",
# "expires_in": 86400,
# "scope": "read:tuples write:tuples check:tuples ... write:authorization-models",
# "token_type": "Bearer"
# }
# Store this `access_token` value in environment variable `FGA_BEARER_TOKEN`
# For non-playground environment
FGA_API_URL='https://api.us1.fga.dev'
# For playground environment
# FGA_API_URL='https://api.playground.fga.dev'
Playground
For the Developer Community Preview:
- API: https://api.playground.fga.dev
- Token Issuer: N/A
- Audience: N/A
01. Obtain store ID
The store ID is a unique identifier that uniquely identify the store. To obtain the store ID:
Click on the three dots button on the top-right of the screen
Select Copy Store ID on the top-right of the screen
The store ID is in the clipboard. Store this value in
FGA_STORE_ID
environment variable.