
Web applications with backend for frontend

In a typical scenario, a user interacts with a frontend application (e.g., a chatbot interface). This frontend communicates with a backend service, often a Backend for Frontend (BFF) or an agent, which is responsible for calling the external API.
[Figure: Token Vault using Refresh Tokens]
When you model your agent’s backend as a secure application, it can obtain the tokens it needs from Token Vault to interact with external APIs while maintaining the user’s context and permissions.

Applications without refresh tokens

In scenarios where refresh tokens cannot be used, such as single-page applications (SPAs) or headless agents and CLIs, you can still call external APIs on the user’s behalf via Token Vault using Auth0 access tokens. To do so, use the Auth0 Dashboard to configure the following:
  • An API in Auth0: You need to register an API in the Auth0 Dashboard with the appropriate settings.
  • A Custom API Client in Auth0: The Custom API Client allows your API server to perform token exchanges using access tokens instead of refresh tokens. This client enables Token Vault to exchange an access token for an external API access token (e.g., Google Calendar API).
[Figure: Token Vault using Access Tokens]
Check out this guide for an example.
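
The following is an added example, not code from this page or from Auth0: it builds the backend's token-exchange request for both flows described above (refresh token from a BFF, Auth0 access token via a Custom API Client) and validates the response. The grant type, token-type values and `connection` parameter are assumptions about Auth0's Token Vault exchange to confirm against the Auth0 API reference; the function names, tenant domain and credentials are hypothetical.

```python
from dataclasses import dataclass
from urllib.parse import urlencode

# Assumption: parameter values for Auth0's Token Vault exchange; confirm them
# against the Auth0 API reference before relying on them.
GRANT = "urn:auth0:params:oauth:grant-type:token-exchange:federated-connection-access-token"
REQUESTED = "http://auth0.com/oauth/token-type/federated-connection-access-token"
SUBJECT_TYPES = {
    "refresh": "urn:ietf:params:oauth:token-type:refresh_token",  # BFF flow
    "access": "urn:ietf:params:oauth:token-type:access_token",    # Custom API Client flow
}

@dataclass(frozen=True)
class ExternalToken:
    access_token: str
    expires_in: int
    scope: str

    def __repr__(self):  # keep the external token out of logs and tracebacks
        return f"ExternalToken(expires_in={self.expires_in}, scope={self.scope!r})"

def build_exchange(domain, client_id, client_secret, flow, subject_token, connection):
    """Return (url, form_body) for the backend-to-Auth0 exchange call."""
    if flow not in SUBJECT_TYPES:
        raise ValueError(f"unknown flow: {flow}")
    if not subject_token:
        raise ValueError("subject token is required")
    form = {
        "grant_type": GRANT,
        "client_id": client_id,
        "client_secret": client_secret,  # stays on the server, never in the SPA
        "subject_token": subject_token,
        "subject_token_type": SUBJECT_TYPES[flow],
        "requested_token_type": REQUESTED,
        "connection": connection,  # e.g. the Google connection name
    }
    return f"https://{domain}/oauth/token", urlencode(form)

def parse_exchange(status, payload):
    """Validate the JSON response; never fall back to the subject token."""
    if status != 200 or "access_token" not in payload:
        raise PermissionError(payload.get("error", "token exchange failed"))
    return ExternalToken(payload["access_token"],
                         int(payload.get("expires_in", 0)),
                         payload.get("scope", ""))
```

The returned `ExternalToken` is meant to be used by the backend for the external API call only; the frontend receives the API result, not the token.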

Get started

To begin using Auth0 Token Vault in your GenAI applications, refer to the following resources:

How-Tos