> ## Documentation Index
> Fetch the complete documentation index at: https://docs-dev-actions-triggers-prototype.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

> Learn how the OIDC-conformant pipeline affects your use of external APIs and the tokens used to secure them.

# External APIs with OIDC

With the OIDC-conformant pipeline, you should define applications and APIs (resources) as separate Auth0 entities. Benefits include:

* Simpler API integration: APIs are no longer tied to applications that call them.
* [Machine-to-machine (M2M)](/docs/get-started/authentication-and-authorization-flow/client-credentials-flow) integration scenarios: Applications can authenticate as themselves (instead of acting on behalf of a user) to programmatically and securely get an <Tooltip tip="Access Token: Authorization credential, in the form of an opaque string or JWT, used to access an API." cta="View Glossary" href="/docs/glossary?term=Access+Token">Access Token</Tooltip>.

## Architecture

Suggested OIDC-conformant solutions for different scenarios include:

* **Multiple applications calling an API under a single <Tooltip tip="Client ID: Identification value given to your registered resource from Auth0." cta="View Glossary" href="/docs/glossary?term=client+ID">client ID</Tooltip>**: Represent each application with a single Auth0 application, each of which can interact with the API on which the applications depend.
* **Exchange tokens obtained by one application for tokens for a different application with delegation**: Use a multi-application solution, with each application authenticating to the same <Tooltip tip="Resource Server: Server hosting protected resources. Resource servers accept and respond to protected resource requests." cta="View Glossary" href="/docs/glossary?term=resource+server">resource server</Tooltip>.
* **Applications do not depend on external APIs; only used to authenticate users**: You do not need to define an API as long as <Tooltip tip="ID Token: Credential meant for the client itself, rather than for accessing a resource." cta="View Glossary" href="/docs/glossary?term=ID+tokens">ID tokens</Tooltip> are:

  * Processed only by the application.
  * Not sent to any external services.

## Learn more

* [Access Tokens with OIDC](/docs/authenticate/login/oidc-conformant-authentication/oidc-adoption-access-tokens)
* [Authorization Code Flow with OIDC](/docs/authenticate/login/oidc-conformant-authentication/oidc-adoption-auth-code-flow)
* [Client Credentials Flow with OIDC](/docs/authenticate/login/oidc-conformant-authentication/oidc-adoption-client-credentials-flow)
* [Delegation with OIDC](/docs/authenticate/login/oidc-conformant-authentication/oidc-adoption-delegation)
* [Implicit Flow with OIDC](/docs/authenticate/login/oidc-conformant-authentication/oidc-adoption-implicit-flow)
* [Refresh Tokens with OIDC](/docs/authenticate/login/oidc-conformant-authentication/oidc-adoption-refresh-tokens)