The Management API is the group of Authlete APIs that manage the configuration of your authorization server and the entities inside it — services, clients, and tokens. Unlike the Core API, which handles OAuth 2.0 / OpenID Connect protocol requests at runtime, the Management API is used out-of-band to set up and operate the authorization server.

Typical Use Cases

  • Provisioning — Create and configure services from infrastructure-as-code pipelines, replicate environments across production, staging, and development.
  • Client lifecycle — Register new client applications from your developer portal or admin tools, rotate secrets, deactivate clients.
  • Token administration — List access tokens issued for an end-user or client, revoke tokens when a device is lost or abuse is reported, migrate tokens from a legacy authorization server.
  • End-user authorization screens — Show the list of applications an end-user has authorized, and let them revoke individual clients.
  • Operations and audit — Inspect issued tokens, adjust expiration policies, audit which clients exist.

Authentication

Management API calls require a Service Access Token with the permissions appropriate for each operation. See Authentication for how to create a token and assign permissions. Service creation and deletion are exceptions: they live on the IdP Endpoint and require an Organization Token. See Service Management.

Management API and the Management Console

The Authlete Management Console is built on top of the Management API. The operations you can perform in the console — creating services, registering clients, viewing tokens — are exposed through the same APIs, so you can choose whichever fits your workflow:
  • Interactive changes by humans → use the console.
  • Repeatable, automated, or auditable changes → use the Management API directly.

Next Steps