We're excited to announce that API Access Policies for Applications is now in Early Access for all Auth0 customers and is fully supported for production use.
This feature enables you to control how applications access your APIs registered in Auth0. You can configure separate application API access policies for user access and client (machine-to-machine) flows, giving you declarative, granular control that is easy to reason about over which applications can obtain an access token for a specific API. For instance, with the require_client_grant policy, you can ensure that only explicitly authorized applications can get tokens, even during user flows. This strengthens your security posture by preventing unauthorized applications from accessing sensitive API resources on behalf of a user.
To learn more, check out the documentation.
Fetched April 11, 2026