> ## Documentation Index
> Fetch the complete documentation index at: https://docs-staging-quickstart-revamp.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

> Learn how to check API calls to troubleshoot issues.

# Check API Calls

## Check Management API calls

* Do you have a [Management API Access Token](/docs/secure/tokens/access-tokens/management-api-access-tokens)?
* Did the <Tooltip tip="Access Token: Authorization credential, in the form of an opaque string or JWT, used to access an API." cta="View Glossary" href="/docs/glossary?term=access+token">access token</Tooltip> expire?
* Did the access token contain the scopes needed for the call you made?
* If a rule adjusts the scopes in the access token or checks whether specific users are allowed to have the scopes, have you checked the rule to make sure it is executing correctly?
* Get the access token from a [HAR file](/docs/troubleshoot/troubleshooting-tools/generate-and-analyze-har-files) and test it in the [Auth0 Management API Explorer](https://auth0.com/docs/api/management/v2) to see if it works there.

  <Warning>
    Before sharing a HAR file with anyone (including Auth0), ensure that you remove or obfuscate all sensitive data, such as:

    * Confidential user information
    * Personal identifiable information (PII)
    * Confidential application information

    To learn more, read the following articles on [Auth0 Community](https://community.auth0.com):

    * [Sanitizing HTTP Traces](https://community.auth0.com/t/sanitizing-http-traces/119488)
    * [How to Sanitize an HTTP Trace File Automatically](https://community.auth0.com/t/how-to-sanitize-a-http-trace-file-automatically/120583)
    * [How to Manually Redact Sensitive Information](https://community.auth0.com/t/how-to-manually-redact-sensitive-information/122554)
    * [HAR File is Too Large to Upload to the Support Case](https://community.auth0.com/t/har-file-is-too-large-to-upload-to-the-support-case/122488)
  </Warning>
* If you are calling the Auth0 <Tooltip tip="Management API: A product to allow customers to perform administrative tasks." cta="View Glossary" href="/docs/glossary?term=Management+API">Management API</Tooltip> from an application that authenticates with [Client Credentials Flow](/docs/get-started/authentication-and-authorization-flow/client-credentials-flow), note that rules are not executed in this context. For functionality similar to a Rule, an Action in the [Machine to Machine Flow](/docs/customize/actions/explore-triggers/machine-to-machine-trigger) on the `credentials-exchange` trigger can be used in this context instead.

## Check other API calls

* Check in the HAR file if the access token contains correct scopes to call the API.

  <Warning>
    Before sharing a HAR file with anyone (including Auth0), ensure that you remove or obfuscate all sensitive data, such as:

    * Confidential user information
    * Personal identifiable information (PII)
    * Confidential application information

    To learn more, read the following articles on [Auth0 Community](https://community.auth0.com):

    * [Sanitizing HTTP Traces](https://community.auth0.com/t/sanitizing-http-traces/119488)
    * [How to Sanitize an HTTP Trace File Automatically](https://community.auth0.com/t/how-to-sanitize-a-http-trace-file-automatically/120583)
    * [How to Manually Redact Sensitive Information](https://community.auth0.com/t/how-to-manually-redact-sensitive-information/122554)
    * [HAR File is Too Large to Upload to the Support Case](https://community.auth0.com/t/har-file-is-too-large-to-upload-to-the-support-case/122488)
  </Warning>
* Check if the response to the `/authorize` endpoint call contains a scopes object. If so, check if the returned scopes are different from the requested scopes.
* Make sure your API can [validate the Access Token](/docs/secure/tokens/access-tokens/validate-access-tokens). It should validate the <Tooltip tip="Audience: Unique identifier of the audience for an issued token. Named aud in a token, its value contains the ID of either an application (Client ID) for an ID Token or an API (API Identifier) for an Access Token." cta="View Glossary" href="/docs/glossary?term=audience">audience</Tooltip>, issuer, client (if any), signature algorithm, signature, claims and permissions.
* If you experience errors with access token expiration, they could be caused by clock skew differences manifested across different systems or even different language libraries, such as Java and Node.js. This can be handled by running NTP on servers and configuring a clock skew tolerance in libraries used to validate tokens such as [jwt.verify](https://github.com/auth0/node-jsonwebtoken#jwtverifytoken-secretorpublickey-options-callback).

<Callout icon="file-lines" color="#0EA5E9" iconType="regular">
  See [the Monitoring page](/docs/deploy-monitor/monitor) for more details on each of the log events that can help you troubleshoot issues.
</Callout>

## Learn more

* [Call Your API Using the Authorization Code Flow with PKCE](/docs/get-started/authentication-and-authorization-flow/authorization-code-flow-with-pkce/call-your-api-using-the-authorization-code-flow-with-pkce)
* [Call Your API Using the Authorization Code Flow](/docs/get-started/authentication-and-authorization-flow/authorization-code-flow/call-your-api-using-the-authorization-code-flow)
* [Call Your API Using the Client Credentials Flow](/docs/get-started/authentication-and-authorization-flow/client-credentials-flow/call-your-api-using-the-client-credentials-flow)
* [Call Your API Using the Device Authorization Flow](/docs/get-started/authentication-and-authorization-flow/device-authorization-flow/call-your-api-using-the-device-authorization-flow)
