The Management API provides administrative access to Auth0 resources through 39 specialized managers. It enables complete control over users, applications, connections, organizations, and tenant configuration. The ManagementClient serves as the entry point to all management operations.
class ManagementClient extends ManagementClientBase {
constructor(options: ManagementClientOptionsWithToken);
constructor(options: ManagementClientOptionsWithClientCredentials);
}
interface ManagementClientOptionsWithToken extends ManagementClientOptions {
token: string | (() => Promise<string>) | (() => string);
}
type ManagementClientOptionsWithClientCredentials = ManagementClientOptions &
(ManagementClientOptionsWithClientSecret | ManagementClientOptionsWithClientAssertion);
interface ManagementClientOptionsWithClientSecret extends ManagementClientOptions {
clientId: string;
clientSecret: string;
audience?: string;
}
interface ManagementClientOptionsWithClientAssertion extends ManagementClientOptions {
clientId: string;
clientAssertionSigningKey: string;
clientAssertionSigningAlg?: string;
audience?: string;
}
interface ManagementClientOptions extends ClientOptions {
domain: string;
audience?: string;
headers?: Record<string, string>;
}Usage Examples:
import { ManagementClient } from "auth0";
// Using a Management API token
const management = new ManagementClient({
domain: "your-domain.auth0.com",
token: "your-management-api-token"
});
// Using client credentials
const management = new ManagementClient({
domain: "your-domain.auth0.com",
clientId: "your-client-id",
clientSecret: "your-client-secret",
audience: "https://your-domain.auth0.com/api/v2/"
});Comprehensive user operations including CRUD, metadata management, authentication methods, and user organization relationships.
interface UsersManager {
// Core user operations
get(params: GetUsersByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<GetUsers200ResponseOneOfInner>>;
getAll(params?: GetUsersRequest, initOverrides?: InitOverride): Promise<ApiResponse<GetUsers200Response>>;
create(requestBody: UserCreate, initOverrides?: InitOverride): Promise<ApiResponse<GetUsers200ResponseOneOfInner>>;
update(params: PatchUsersByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<GetUsers200ResponseOneOfInner>>;
delete(params: DeleteUsersByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<void>>;
// User metadata
updateUserMetadata(params: PatchUsersByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<GetUsers200ResponseOneOfInner>>;
// Authentication methods
getAuthenticationMethods(params: GetAuthenticationMethodsByUserIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<GetAuthenticationMethods200Response>>;
createAuthenticationMethod(params: PostAuthenticationMethodsByUserIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<PostAuthenticationMethods201Response>>;
updateAuthenticationMethods(params: PutAuthenticationMethodsByUserIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<PutAuthenticationMethods200ResponseInner[]>>;
deleteAuthenticationMethods(params: DeleteAuthenticationMethodsByUserIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<void>>;
// User roles and permissions
getUserRoles(params: GetRolesByUserIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<GetRoles200Response>>;
assignUserRoles(params: PostUserRolesByUserIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<void>>;
removeUserRoles(params: DeleteUserRolesByUserIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<void>>;
getUserPermissions(params: GetPermissionsByUserIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<GetPermissions200Response>>;
assignUserPermissions(params: PostPermissionsByUserIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<void>>;
removeUserPermissions(params: DeletePermissionsByUserIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<void>>;
// Organizations
getUserOrganizations(params: GetOrganizationsByUserIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<GetUserOrganizations200Response>>;
// Logs and sessions
getUserLogs(params: GetLogsByUserIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<GetLogs200Response>>;
getSessions(params: GetSessionsByUserIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<GetSessionsForUser200Response>>;
deleteSessions(params: DeleteSessionsByUserIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<void>>;
}Usage Examples:
// Get user by ID
const user = await management.users.get({ id: "auth0|123456789" });
// Create user
const newUser = await management.users.create({
email: "newuser@example.com",
password: "SecurePass123",
connection: "Username-Password-Authentication",
email_verified: true,
given_name: "John",
family_name: "Doe"
});
// Update user metadata
const updatedUser = await management.users.update({
id: "auth0|123456789",
requestBody: {
user_metadata: {
preferences: { theme: "dark" }
}
}
});
// Assign roles to user
await management.users.assignUserRoles({
id: "auth0|123456789",
requestBody: {
roles: ["rol_abc123", "rol_def456"]
}
});Application and client configuration, grants, and authentication settings.
interface ClientsManager {
get(params: GetClientsByClientIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<Client>>;
getAll(params?: GetClientsRequest, initOverrides?: InitOverride): Promise<ApiResponse<GetClients200Response>>;
create(requestBody: ClientCreate, initOverrides?: InitOverride): Promise<ApiResponse<Client>>;
update(params: PatchClientsByClientIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<Client>>;
delete(params: DeleteClientsByClientIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<void>>;
rotateSecret(params: PostRotateSecretByClientIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<Client>>;
getCredentials(params: GetCredentialsByClientIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<GetCredentials200ResponseInner[]>>;
createCredential(params: PostCredentialsByClientIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<GetCredentials200ResponseInner>>;
deleteCredential(params: DeleteCredentialsByClientIdAndCredentialIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<void>>;
}
interface ClientGrantsManager {
get(params: GetClientGrantsByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<ClientGrant>>;
getAll(params?: GetClientGrantsRequest, initOverrides?: InitOverride): Promise<ApiResponse<GetClientGrants200Response>>;
create(requestBody: ClientGrantCreate, initOverrides?: InitOverride): Promise<ApiResponse<ClientGrant>>;
update(params: PatchClientGrantsByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<ClientGrant>>;
delete(params: DeleteClientGrantsByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<void>>;
}Identity provider connections including social, enterprise, and database connections.
interface ConnectionsManager {
get(params: GetConnectionsByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<Connection>>;
getAll(params?: GetConnectionsRequest, initOverrides?: InitOverride): Promise<ApiResponse<GetConnections200Response>>;
create(requestBody: ConnectionCreate, initOverrides?: InitOverride): Promise<ApiResponse<Connection>>;
update(params: PatchConnectionsByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<Connection>>;
delete(params: DeleteConnectionsByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<void>>;
checkStatus(params: GetStatusByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<GetStatus200Response>>;
deleteUser(params: DeleteUsersByEmailRequest, initOverrides?: InitOverride): Promise<ApiResponse<void>>;
}Multi-tenant organization structure, membership, and role management.
interface OrganizationsManager {
get(params: GetOrganizationsByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<Organization>>;
getAll(params?: GetOrganizationsRequest, initOverrides?: InitOverride): Promise<ApiResponse<GetOrganizations200Response>>;
create(requestBody: OrganizationCreate, initOverrides?: InitOverride): Promise<ApiResponse<Organization>>;
update(params: PatchOrganizationsByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<Organization>>;
delete(params: DeleteOrganizationsByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<void>>;
// Members
getMembers(params: GetMembersByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<GetMembers200Response>>;
addMembers(params: PostMembersByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<void>>;
deleteMembers(params: DeleteMembersByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<void>>;
// Roles
getMemberRoles(params: GetOrganizationMemberRolesByIdAndUserIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<GetOrganizationMemberRoles200Response>>;
addMemberRoles(params: PostOrganizationRolesByIdAndUserIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<void>>;
deleteMemberRoles(params: DeleteOrganizationRolesByIdAndUserIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<void>>;
// Invitations
getInvitations(params: GetInvitationsByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<GetInvitations200Response>>;
createInvitation(params: PostInvitationsByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<OrganizationInvitation>>;
deleteInvitation(params: DeleteInvitationsByIdAndInvitationIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<void>>;
}Role-based access control with fine-grained permissions.
interface RolesManager {
get(params: GetRolesByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<Role>>;
getAll(params?: GetRolesRequest, initOverrides?: InitOverride): Promise<ApiResponse<GetRoles200Response>>;
create(requestBody: RoleCreate, initOverrides?: InitOverride): Promise<ApiResponse<Role>>;
update(params: PatchRolesByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<Role>>;
delete(params: DeleteRolesByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<void>>;
getPermissions(params: GetPermissionsByRoleIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<GetPermissions200Response>>;
assignPermissions(params: PostPermissionsByRoleIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<void>>;
removePermissions(params: DeletePermissionsByRoleIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<void>>;
getUsers(params: GetUsersByRoleIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<GetUsers200Response>>;
assignUsers(params: PostUsersByRoleIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<void>>;
}
interface ResourceServersManager {
get(params: GetResourceServersByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<ResourceServer>>;
getAll(params?: GetResourceServersRequest, initOverrides?: InitOverride): Promise<ApiResponse<GetResourceServers200Response>>;
create(requestBody: ResourceServerCreate, initOverrides?: InitOverride): Promise<ApiResponse<ResourceServer>>;
update(params: PatchResourceServersByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<ResourceServer>>;
delete(params: DeleteResourceServersByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<void>>;
}Multi-factor authentication, attack protection, and anomaly detection.
interface GuardianManager {
getFactors(initOverrides?: InitOverride): Promise<ApiResponse<GetFactors200ResponseInner[]>>;
getEnrollments(params: GetEnrollmentsByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<UserEnrollment[]>>;
deleteEnrollment(params: DeleteEnrollmentsByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<void>>;
createEnrollmentTicket(requestBody: PostEnrollmentTicketRequest, initOverrides?: InitOverride): Promise<ApiResponse<PostEnrollmentTicket201Response>>;
}
interface AttackProtectionManager {
getBreachedPasswordDetection(initOverrides?: InitOverride): Promise<ApiResponse<GetBreachedPasswordDetection200Response>>;
updateBreachedPasswordDetection(requestBody: PatchBreachedPasswordDetectionRequest, initOverrides?: InitOverride): Promise<ApiResponse<GetBreachedPasswordDetection200Response>>;
getBruteForceProtection(initOverrides?: InitOverride): Promise<ApiResponse<GetBruteForceProtection200Response>>;
updateBruteForceProtection(requestBody: PatchBruteForceProtectionRequest, initOverrides?: InitOverride): Promise<ApiResponse<GetBruteForceProtection200Response>>;
getSuspiciousIpThrottling(initOverrides?: InitOverride): Promise<ApiResponse<GetSuspiciousIpThrottling200Response>>;
updateSuspiciousIpThrottling(requestBody: PatchSuspiciousIpThrottlingRequest, initOverrides?: InitOverride): Promise<ApiResponse<GetSuspiciousIpThrottling200Response>>;
}
interface AnomalyManager {
checkIpBlocked(params: GetBlocksByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<GetBlocks200Response>>;
removeIpBlock(params: DeleteBlocksByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<void>>;
}Comprehensive logging, analytics, and monitoring capabilities.
interface LogsManager {
get(params: GetLogsByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<Log>>;
getAll(params?: GetLogsRequest, initOverrides?: InitOverride): Promise<ApiResponse<GetLogs200Response>>;
}
interface LogStreamsManager {
get(params: GetLogStreamsByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<LogStream>>;
getAll(params?: GetLogStreamsRequest, initOverrides?: InitOverride): Promise<ApiResponse<GetLogStreams200Response>>;
create(requestBody: LogStreamCreate, initOverrides?: InitOverride): Promise<ApiResponse<LogStream>>;
update(params: PatchLogStreamsByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<LogStream>>;
delete(params: DeleteLogStreamsByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<void>>;
}
interface StatsManager {
getActiveUsersCount(initOverrides?: InitOverride): Promise<ApiResponse<GetActiveUsersCount200Response>>;
getDailyStats(params?: GetDailyRequest, initOverrides?: InitOverride): Promise<ApiResponse<GetDaily200ResponseInner[]>>;
}Tenant settings, branding, and UI customization.
interface TenantsManager {
get(initOverrides?: InitOverride): Promise<ApiResponse<Tenant>>;
update(requestBody: TenantUpdate, initOverrides?: InitOverride): Promise<ApiResponse<Tenant>>;
}
interface BrandingManager {
get(initOverrides?: InitOverride): Promise<ApiResponse<Branding>>;
update(requestBody: BrandingUpdate, initOverrides?: InitOverride): Promise<ApiResponse<Branding>>;
getTemplate(params: GetBrandingTemplatesByTemplateNameRequest, initOverrides?: InitOverride): Promise<ApiResponse<BrandingTemplate>>;
updateTemplate(params: PutBrandingTemplatesByTemplateNameRequest, initOverrides?: InitOverride): Promise<ApiResponse<BrandingTemplate>>;
}
interface PromptsManager {
get(initOverrides?: InitOverride): Promise<ApiResponse<Prompt>>;
update(requestBody: PromptUpdate, initOverrides?: InitOverride): Promise<ApiResponse<Prompt>>;
getCustomText(params: GetCustomTextByPromptAndLanguageRequest, initOverrides?: InitOverride): Promise<ApiResponse<GetCustomText200Response>>;
updateCustomText(params: PutCustomTextByPromptAndLanguageRequest, initOverrides?: InitOverride): Promise<ApiResponse<GetCustomText200Response>>;
}Actions, hooks, and custom flows for extending Auth0 functionality.
interface ActionsManager {
get(params: GetActionsByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<Action>>;
getAll(params?: GetActionsRequest, initOverrides?: InitOverride): Promise<ApiResponse<GetActions200Response>>;
create(requestBody: ActionCreate, initOverrides?: InitOverride): Promise<ApiResponse<Action>>;
update(params: PatchActionsByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<Action>>;
delete(params: DeleteActionsByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<void>>;
deploy(params: PostDeployActionByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<ActionVersion>>;
test(params: PostTestActionByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<PostTestAction200Response>>;
getTriggers(initOverrides?: InitOverride): Promise<ApiResponse<GetTriggers200Response>>;
updateTrigger(params: PatchTriggersByTriggerIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<Trigger>>;
}
interface FlowsManager {
get(params: GetFlowsByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<Flow>>;
getAll(params?: GetFlowsRequest, initOverrides?: InitOverride): Promise<ApiResponse<GetFlows200Response>>;
create(requestBody: FlowCreate, initOverrides?: InitOverride): Promise<ApiResponse<Flow>>;
update(params: PatchFlowsByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<Flow>>;
delete(params: DeleteFlowsByIdRequest, initOverrides?: InitOverride): Promise<ApiResponse<void>>;
}The ManagementClient provides access to 44 specialized managers:
class ManagementClientBase {
// User & Identity Management
users: UsersManager;
usersByEmail: UsersByEmailManager;
userBlocks: UserBlocksManager;
// Application & Client Management
clients: ClientsManager;
clientGrants: ClientGrantsManager;
// Authentication & Security
connections: ConnectionsManager;
deviceCredentials: DeviceCredentialsManager;
guardian: GuardianManager;
attackProtection: AttackProtectionManager;
anomaly: AnomalyManager;
// Authorization & Access Control
roles: RolesManager;
resourceServers: ResourceServersManager;
grants: GrantsManager;
refreshTokens: RefreshTokensManager;
// Organization Management
organizations: OrganizationsManager;
sessions: SessionsManager;
// Tenant & Configuration
tenants: TenantsManager;
branding: BrandingManager;
prompts: PromptsManager;
customDomains: CustomDomainsManager;
// Monitoring & Analytics
logs: LogsManager;
logStreams: LogStreamsManager;
stats: StatsManager;
riskAssessments: RiskAssessmentsManager;
// Email & Communications
emails: EmailsManager;
emailTemplates: EmailTemplatesManager;
tickets: TicketsManager;
// Extensibility & Automation
actions: ActionsManager;
flows: FlowsManager;
forms: FormsManager;
hooks: HooksManager;
rules: RulesManager;
rulesConfigs: RulesConfigsManager;
// Infrastructure & Operations
jobs: JobsManager;
keys: KeysManager;
blacklists: BlacklistsManager;
networkAcls: NetworkAclsManager;
// Specialized Features
selfServiceProfiles: SelfServiceProfilesManager;
tokenExchangeProfiles: TokenExchangeProfilesManager;
}