# Delegation

> Deprecated endpoint that generates a delegation token to flow user identity from an application to an API add-on.

## Endpoint

`POST /delegation`

<Note>
  By default, this feature is disabled for tenants without an add-on in use as of 8 June 2017. Legacy tenants who currently use an add-on that requires delegation may continue to use this feature. If delegation functionality is changed or removed from service at some point, customers who currently use it will be notified beforehand and given ample time to migrate.
</Note>

An application can obtain and use a delegation token when it needs to call the API of an application add-on, such as Firebase or SAP, that is registered and configured in Auth0 in the same tenant as the calling program.

Given an existing token, this endpoint will generate a new token signed with the `target` app's secret. This is used to flow the identity of the user from the application to an API.

### Remarks

* The `profile` scope value requests access to the End-User's default profile Claims, which are: `name`, `family_name`, `given_name`, `middle_name`, `nickname`, `preferred_username`, `profile`, `picture`, `website`, `gender`, `birthdate`, `zoneinfo`, `locale`, and `updated_at`.

* The `email` scope value requests access to the `email` and `email_verified` Claims.

* Delegation is **not supported** in version 8 of [auth0.js](https://auth0.com/docs/libraries/auth0js). For a sample in version 7 of the library, refer to the [auth0.js v7 reference guide](https://auth0.com/docs/libraries/auth0js/v7).

* This endpoint allows up to 10 requests per minute from the same IP address with the same `user_id`.

* This endpoint returns three HTTP response headers that provide relevant data on its rate limits:
  * `X-RateLimit-Limit`: Number of requests allowed per minute.
  * `X-RateLimit-Remaining`: Number of requests available. Each new request reduces this number by 1. For each minute that passes, requests are added back, so this number increases by 1 each time.
  * `X-RateLimit-Reset`: Remaining time until the rate limit (`X-RateLimit-Limit`) resets. The value is in [UTC epoch seconds](https://en.wikipedia.org/wiki/Unix_time).
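
One way a client can pace its calls to `POST /delegation` from these three headers, handling missing or malformed values and a reset time that is in the past or implausibly far away. This is an added example, not Auth0's code: the function names, the fallback spacing and the one-window cap are assumptions, and the sample headers are constructed.

```javascript
// Header names and the 10-per-minute limit come from the page; everything
// else here (names, fallback spacing, 60 s cap) is an assumption of this example.
const WINDOW_MS = 60_000;     // the limit is expressed per minute
const DOCUMENTED_LIMIT = 10;  // requests per minute per IP address + user_id

// HTTP header names are case-insensitive, so look them up that way.
function header(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? undefined : headers[key];
}

// Accept only a non-negative integer; anything else becomes null.
function toCount(value) {
  const text = String(value ?? '').trim();
  return /^\d+$/.test(text) ? Number(text) : null;
}

function parseRateLimit(headers) {
  return {
    limit: toCount(header(headers, 'X-RateLimit-Limit')),
    remaining: toCount(header(headers, 'X-RateLimit-Remaining')),
    resetEpochSec: toCount(header(headers, 'X-RateLimit-Reset')),
  };
}

// Milliseconds to wait before sending the next request.
function delayBeforeNextRequest(headers, nowMs = Date.now()) {
  const { limit, remaining, resetEpochSec } = parseRateLimit(headers);
  // Headers missing or malformed: space requests evenly at the documented limit.
  if (remaining === null) return WINDOW_MS / (limit || DOCUMENTED_LIMIT);
  if (remaining > 0) return 0;
  // Budget exhausted but no usable reset time: wait one full window.
  if (resetEpochSec === null) return WINDOW_MS;
  // Clamp both ways: a reset in the past (clock skew) means send now, and a
  // header value alone never makes the client sleep longer than one window.
  return Math.min(WINDOW_MS, Math.max(0, resetEpochSec * 1000 - nowMs));
}

// Constructed sample headers (not captured from a real tenant).
const sampleHeaders = {
  'x-ratelimit-limit': '10',
  'x-ratelimit-remaining': '0',
  'x-ratelimit-reset': '1700000030',
};
console.log(delayBeforeNextRequest(sampleHeaders, 1_700_000_000_000));
```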

### Learn More

* [Delegation Tokens](https://auth0.com/docs/secure/tokens/delegation-tokens)
* [Auth0 API Rate Limit Policy](https://auth0.com/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy)

## Response Messages

| Status | Description                           |
| ------ | ------------------------------------- |
| 200    | Successful delegation token retrieval |
