Management API

Relevant source files

The Management API provides programmatic access to Auth0's administrative endpoints for managing tenant resources. This page introduces the ManagementApiClient facade and its modern v8 architecture. For information about authentication flows and token acquisition, see Authentication API.

Purpose and Scope

The ManagementApiClient enables CRUD operations on Auth0 tenant resources including users, applications (clients), connections, organizations, roles, permissions, and MFA configuration. It targets the /api/v2 endpoint of your Auth0 tenant.

This page covers:

The Fern-generated facade pattern architecture of ManagementApiClient and the ManagementClient wrapper.
The 50+ specialized client interfaces it exposes.
Automatic token management via ITokenProvider.
High-level architecture of the RawClient HTTP layer.

For detailed coverage of specific resource types, see the subsections: User Management, Organization Management, Role and Permission Management, Client Management, Connection Management, Guardian and MFA Configuration, and others.

Architecture Overview

The Management API client uses a facade pattern where ManagementApiClient aggregates over 50 specialized client interfaces. The v8 SDK introduces a ManagementClient wrapper that simplifies token lifecycle management.

System Architecture

Title: Management API Component Relationship

Sources: src/Auth0.ManagementApi/ManagementApiClient.cs11-78 tests/Auth0.ManagementApi.IntegrationTests/ManagementApiClientTests.cs25-35

Complete Client Inventory

The ManagementApiClient exposes the following specialized clients via properties. The v8 release features a completely redesigned, OpenAPI-generated structure using Fern

Property	Interface	Primary Operations
`Users`	`IUsersClient`	CRUD, metadata, roles, permissions, organizations, sessions
`Organizations`	`IOrganizationsClient`	CRUD, members, connections, invitations, client grants
`Clients`	`IClientsClient`	CRUD, credentials, secret rotation, session transfer
`Connections`	`IConnectionsClient`	CRUD, SCIM config, enabled clients, profiles
`Roles`	`IRolesClient`	CRUD, permission assignment, user assignment
`Guardian`	`IGuardianClient`	MFA factors, providers (Twilio, DUO, SNS), enrollments
`Jobs`	`IJobsClient`	User import/export, verification emails, job error retrieval
`ResourceServers`	`IResourceServersClient`	API CRUD, scopes/permissions, token settings
`ClientGrants`	`IClientGrantsClient`	CRUD, scope assignment, organization scoping
`Logs`	`ILogsClient`	Query logs, checkpoint pagination
`Actions`	`IActionsClient`	CRUD, triggers, bindings, versions
`Branding`	`IBrandingClient`	Logos, colors, fonts, templates
`Prompts`	`IPromptsClient`	Universal Login customization
`Flows`	`IFlowsClient`	CRUD operations for Auth0 Flows
`Forms`	`IFormsClient`	CRUD operations for Auth0 Forms
`EventStreams`	`IEventStreamsClient`	Manage event streaming configurations
`NetworkAcls`	`INetworkAclsClient`	Network access control list management
`Keys`	`IKeysClient`	Signing keys, rotation, encryption keys

Sources: src/Auth0.ManagementApi/ManagementApiClient.cs80-164 src/Auth0.ManagementApi/CHANGELOG.md21-32

Initialization and Usage

ManagementClient vs ManagementApiClient

ManagementApiClient: The low-level facade generated by Fern. Requires a static token. If the token expires, you must instantiate a new client or update the token manually. README.md101-105
ManagementClient: The high-level wrapper. It takes a ManagementClientOptions and an ITokenProvider (like ClientCredentialsTokenProvider) to automatically fetch and refresh tokens as needed before calling the underlying ManagementApiClient. README.md32-49

Title: ManagementClient Initialization

Sources: tests/Auth0.ManagementApi.IntegrationTests/ManagementApiClientTests.cs25-29 README.md41-49

Basic Initialization Example (v8)

Sources: README.md41-53 tests/Auth0.ManagementApi.IntegrationTests/ManagementApiClientTests.cs55-58

Internal HTTP Layer (`RawClient`)

The ManagementApiClient uses an internal RawClient to handle HTTP communication. This layer is responsible for:

Header Injection: Merging default platform headers with authorization and custom headers. src/Auth0.ManagementApi/ManagementApiClient.cs15-34
Serialization: Utilizing System.Text.Json for modern resource models (replacing Newtonsoft.Json used in v7). src/Auth0.ManagementApi/CHANGELOG.md35
Request Options: Handling per-request configuration such as timeouts and retries via RequestOptions. src/Auth0.ManagementApi/CHANGELOG.md31

Resource Disposal

ManagementClient inherits from ManagementApiClient, which implements IManagementApiClient. Both support standard disposal patterns to clean up underlying HTTP resources.

Sources: src/Auth0.ManagementApi/ManagementApiClient.cs11 tests/Auth0.ManagementApi.IntegrationTests/ManagementApiClientTests.cs64-75

Next Steps

For detailed information on specific resource types and operations:

ManagementApiClient Architecture: Deep dive into the Fern-generated facade pattern and ITokenProvider implementation.
User Management: Comprehensive guide to user CRUD, metadata, and sessions using *RequestContent types.
Organization Management: Managing multi-tenant structures and invitations.
Role and Permission Management: RBAC implementation and assignment.
Client Management: Application settings and credential management.
Connection Management: Identity provider configuration and Connection Profiles.
Guardian and MFA Configuration: Multi-factor authentication setup and factors.
Jobs and Asynchronous Operations: Long-running tasks like user imports and exports.
Pagination Strategies: Handling large datasets with the new Pager<T> and IAsyncEnumerable<T> support.
HTTP Connection and Retry Logic: Mechanics of the RawClient, exponential backoff, and the Optional<T> type.
Extended Management Entities: Coverage for Logs, Actions, Flows, Forms, Event Streams, and more.

Sources: src/Auth0.ManagementApi/ManagementApiClient.cs80-164 src/Auth0.ManagementApi/CHANGELOG.md16-43