Whether authorization polices are enforced (true) or unenforced (false).
ID of the API (resource server).
Unique identifier for the API used as the audience parameter on authorization calls. Can not be changed once set.
Whether this is an Auth0 system API (true) or a custom API (false).
Friendly name for this resource server. Can not contain < or > characters.
List of permissions (scopes) that this API uses.
Algorithm used to sign JWTs. Can be HS256 or RS256. PS256 available via addon.
Secret used to sign tokens when using symmetric algorithms (HS256).
Whether to skip user consent for applications flagged as first party (true) or not (false).
Dialect of access tokens that should be issued. Can be access_token or access_token_authz (includes permissions).
Expiration value (in seconds) for access tokens issued for this API from the token endpoint.
Expiration value (in seconds) for access tokens issued for this API via Implicit or Hybrid Flows. Cannot be greater than the token_lifetime value.
Whether refresh tokens can be issued for this API (true) or not (false).