Where do I connect Auth0 in Apiable?

Go to Integrations then Authorization Servers, choose + Add AuthZ, select Auth0, and choose Connect Authorization Server.

What do I enter for the Auth0 Domain?

Your Auth0 tenant domain with no scheme, for example myorg.us.auth0.com. Apiable derives the token and Management API URLs from it.

Is the Auth0 API Audience required?

The form does not block saving without it, but scope binding does nothing without it. With no API Audience, tokens carry no scopes and nothing is enforced, so set it if you use scopes.

What credentials does Auth0 need?

A Management API application's Client ID and Client Secret, granted create:clients, read:clients, update:clients, and delete:clients.

Why does my Auth0 connection status show Error?

Test Connection calls your tenant's OpenID configuration endpoint. An Error usually means the Domain is wrong or the tenant is unreachable. The status shows the failing URL.

Integrations

Connect Auth0

Connect Auth0 as an Authorization Server in Apiable. Enter your Domain, API Audience, and Management API credentials, save, then run Test Connection.

You connect Auth0 as an Authorization Server under Integrations → Authorization Servers. You enter your tenant domain, the API audience your tokens target, and Management API credentials, then save and test the connection. After that, Apiable can register a client per subscription through the Auth0 Management API.

Where do you connect Auth0?

Go to Integrations → Authorization Servers, choose + Add AuthZ, select Auth0 on the Select Authorization Server type screen, then choose Connect Authorization Server.

Open Integrations → Authorization Servers.
Choose + Add AuthZ.
On Select Authorization Server type, select Auth0.
Choose Connect Authorization Server. The Auth0 connection form opens, titled Auth0 Configuration.

What does each Auth0 field mean?

The form is grouped into a name, a Tenant section, and a Management API Credentials section. Fill in the fields, then save.

Field	Section	What to enter
Name	(top)	A label for this connection inside Apiable. Required.
Domain	Tenant	Your Auth0 tenant domain with no scheme, for example `myorg.us.auth0.com`. Required.
API Audience	Tenant	The identifier of the Auth0 API your access tokens target, for example `https://api.example.com`. Read the section below before leaving it blank.
Client ID	Management API Credentials	The Client ID of your Auth0 Management API application. Required.
Client Secret	Management API Credentials	The Client Secret of that application. Required.

What Management API permissions does the application need?

The Management API application Apiable uses must be authorized for the Auth0 Management API with the client-management scopes. Apiable uses them to register, read, update, and delete a client per subscription.

Grant these scopes on the application in the Auth0 Dashboard:

create:clients
read:clients
update:clients
delete:clients

Does the API Audience matter?

Yes, if you use scopes. The form lets you save Auth0 without an API Audience, but scope binding does nothing without it. With no audience set, Apiable issues no client grant, the issued tokens carry no scopes, and nothing is enforced.

How do you save and test the connection?

Click Save. Apiable stores the credentials and runs OIDC discovery in the background. Open the saved server and click Test Connection to confirm the tenant is reachable. The status reads Connected, Error, or Not tested.

Click Save. On a new connection the button reads Save; when you edit an existing one it reads Save & Test Connection and runs a test automatically.
Apiable kicks off OIDC discovery for the tenant. The results appear under Discovered Auth Methods.
Click Test Connection to check reachability. Apiable calls your tenant's OpenID configuration endpoint.
Read the status: a green dot and Connected means the tenant responded; Error shows the failing URL; Not tested means no test has run yet.

How do you confirm client registration works?

On a saved connection, use Register Test Client in the status bar. Apiable registers a throwaway Machine to Machine client through the Management API and shows its Client ID and Client Secret.

The secret is shown once, with the note "Copy these now, the secret will not be shown again." This confirms your Management API credentials and permissions are working.

Troubleshooting

Match the status or message to the fix.

What you see	What to do
Status Not tested	No connection test has run yet. Open the server and click Test Connection.
Status Error with "Auth0 returned ..."	Test Connection reached Auth0 but the tenant endpoint returned a non-200. Check the Domain value.
Status Error with "Failed to reach Auth0 at ..."	Apiable could not reach the tenant. Check the Domain for typos and that it has no `https://` prefix.
Scopes look assigned on a plan but tokens carry none	The API Audience is blank, so scope binding is a no-op. Set the API Audience to your protected Auth0 API's identifier and save.
Register Test Client returns an error	The Management API call failed. Check the Client ID and Client Secret, and that the application has `create:clients` and the other client scopes.

Where to next

Authorization Servers

The concept overview and how DCR provisions a client per subscription.

Assign scopes to a plan

Bind this server to a plan and set each scope's state.