Whether authorization polices are enforced (true) or unenforced (false).
ID of the API (resource server).
Unique identifier for the API used as the audience parameter on authorization calls. Can not be changed once set.
Whether this is an Auth0 system API (true) or a custom API (false).
Friendly name for this resource server. Can not contain < or > characters.
List of permissions (scopes) that this API uses.
Algorithm used to sign JWTs. Can be HS256 or RS256. PS256 available via addon.
Secret used to sign tokens when using symmetric algorithms (HS256).
Whether to skip user consent for applications flagged as first party (true) or not (false).
Dialect of access tokens that should be issued. access_token is a JWT containing standard Auth0 claims; rfc9068_profile is a JWT conforming to the IETF JWT Access Token Profile. access_token_authz and rfc9068_profile_authz additionally include RBAC permissions claims.
Expiration value (in seconds) for access tokens issued for this API from the token endpoint.
Expiration value (in seconds) for access tokens issued for this API via Implicit or Hybrid Flows. Cannot be greater than the token_lifetime value.
Whether refresh tokens can be issued for this API (true) or not (false).