Metric Streams (Beta)

Metric Streams is currently in Beta. To request access, complete the Beta access form and an Auth0 representative will contact you.

Stream real-time Auth0 metrics to your monitoring platform to track API performance, identify rate limit issues, and troubleshoot errors faster. Metric Streams supports both native Datadog integration and OpenTelemetry Protocol (OTLP) for platforms like New Relic, Grafana Cloud, and Splunk.

What you can monitor

Track key metrics about your Auth0 API usage:

API request volume: Monitor total requests to Authentication and Management APIs
Error rates: Identify client and server errors affecting your integration
Rate limit occurrences: Detect when your application hits rate limits
Geographic distribution: Analyze traffic patterns by country
Authentication flows: Track grant types and connection usage

Use cases

Identify rate limit issues

Monitor which APIs and endpoints are hitting rate limits so you can adjust your integration or upgrade your rate limit tier.

Troubleshoot API failures

Quickly identify the root cause of errors by filtering metrics by API, operation, and failure type (rate limits, anomaly detection, or general errors).

Plan capacity

Analyze peak usage, average RPS, and percentile metrics to determine the appropriate rate limit tier for your workload.

Prerequisites

Before setting up a metric stream, you need:

Auth0 Management API access: Create a Machine-to-Machine (M2M) application with the following permissions:
- read:event_streams
- create:event_streams
- update:event_streams
- delete:event_streams
- read:event_deliveries
- update:event_deliveries
See Get Management API Access Tokens for detailed instructions.
Auth0 CLI installed: Install the Auth0 CLI to configure metric streams via API commands.
Monitoring platform account: An active account with one of the supported destinations.

Metric reference

auth0.api_request.count

Counts API requests to your Auth0 tenant with detailed tags for filtering and aggregation.

Available tags

Tag Name	Required	Description
`api`	✅	API type: `AUTHENTICATION` or `MANAGEMENT`
`operation_name`	✅	HTTP method and path (e.g., `POST /oauth/token`)
`operation_result`	✅	Result: `SUCCESS` or `FAILURE`
`tenant`	✅	Your Auth0 tenant name
`failure_code`	❌	Failure reason: `RATE_LIMIT`, `ANOMALY_DETECTION`, or `CLIENT_SERVER_ERROR`
`country_code`	❌	ISO country code from request IP address
`client_id`	❌	Application client ID (Authentication API only)
`connection_id`	❌	Connection ID (Authentication API only)
`grant_type`	❌	OAuth 2.0 grant type (Authentication API only)
`batch_seq`	✅	Sequence number for metrics with identical tags and timestamp (temporary, will be removed after Beta)

The client_id and connection_id tags can generate high cardinality in environments with many unique clients or connections, potentially increasing monitoring costs. Use these tags selectively.

Metric streams do not include API calls that are cached or blocked by Auth0’s WAF at the edge to prevent system overload.

Enum values

api

AUTHENTICATION - Authentication API requests
MANAGEMENT - Management API requests

operation_result

SUCCESS - Request completed successfully
FAILURE - Request failed with client or server error

failure_code (only present when operation_result is FAILURE)

RATE_LIMIT - Request exceeded rate limit
ANOMALY_DETECTION - Blocked by Auth0’s attack protection
CLIENT_SERVER_ERROR - HTTP 4xx or 5xx error

Supported destinations

Metric Streams supports the following monitoring platforms:

Datadog

Native integration with Datadog’s metrics API

Grafana Cloud

Stream via OpenTelemetry Protocol (OTLP)

New Relic

Stream via OpenTelemetry Protocol (OTLP)

Splunk

Stream via OpenTelemetry Protocol (OTLP)

Coming soon

AWS CloudWatch (via OTLP)
Azure Monitor (via OTLP)
Prometheus (via OpenTelemetry Collector)

Set up Datadog

Stream Auth0 metrics directly to Datadog using their native metrics API.

Prerequisites

Active Datadog account
Datadog API key (generate at Organization Settings > API Keys in Datadog)
Your Datadog site URL (e.g., app.datadoghq.com, app.datadoghq.eu)

Create metric stream

Use the Auth0 CLI to create a Datadog metric stream:

auth0 api post metric-streams \
  --data '{
    "name": "datadog-production",
    "subscriptions": [{ "metric_type": "auth0.api_request.count" }],
    "destination": {
      "type": "datadog",
      "configuration": {
        "api_key": "YOUR_DATADOG_API_KEY",
        "site": "app.datadoghq.com"
      }
    }
  }'

Response:

{
  "id": "mst_abc123xyz",
  "status": "enabled",
  "name": "datadog-production",
  "created_at": "2024-02-12T10:30:00Z",
  "updated_at": "2024-02-12T10:30:00Z",
  "destination": {
    "type": "datadog",
    "configuration": {
      "api_key": "***",
      "site": "app.datadoghq.com"
    }
  }
}

Save the id value to manage this stream later.

Verify in Datadog

Within a few minutes, Auth0 metrics will appear in Datadog. Navigate to Metrics > Explorer and search for auth0.api_request.count to view your data.

Manage streams

List all streams:

auth0 api get /api/v2/metric-streams

Disable a stream:

auth0 api patch /api/v2/metric-streams/YOUR_STREAM_ID \
  --data '{"status":"disabled"}'

Re-enable a stream:

auth0 api patch /api/v2/metric-streams/YOUR_STREAM_ID \
  --data '{"status":"enabled"}'

Set up Grafana Cloud

Stream Auth0 metrics to Grafana Cloud using OpenTelemetry Protocol (OTLP).

Get Grafana Cloud credentials

Navigate to OpenTelemetry configuration

Log in to your Grafana Cloud dashboard
Click Connections > Add new connection
Select OpenTelemetry from Featured connections
Click OpenTelemetry SDK > Language Other > Next
Select Other for infrastructure > Next
Select OpenTelemetry Collector > Next

Create access token

In the Instrumentation Instructions section:

Click Create token
Enter a descriptive name (e.g., auth0-metrics)
Click Create token
Copy the token value (you’ll need this for the stream configuration)

Copy endpoint URL

Copy the value from the OTEL_EXPORTER_OTLP_ENDPOINT environment variable in the generated configuration block.

Extract authentication token

From the OTEL_EXPORTER_OTLP_HEADERS value, copy only the token portion after Authorization=Basic%20.Example:

OTEL_EXPORTER_OTLP_HEADERS=Authorization=Basic%20abc123xyz456

Copy: abc123xyz456

Create metric stream

auth0 api post metric-streams \
  --data '{
    "name": "grafana-production",
    "subscriptions": [{ "metric_type": "metrics_bridge.api_request" }],
    "destination": {
      "type": "otlp",
      "configuration": {
        "endpoint": "YOUR_GRAFANA_OTLP_ENDPOINT",
        "protocol": "http",
        "auth_type": "api_key",
        "api_key": "Basic YOUR_GRAFANA_TOKEN",
        "auth_header_name": "Authorization"
      }
    }
  }'

Set up New Relic

Stream Auth0 metrics to New Relic using OpenTelemetry Protocol (OTLP).

Get New Relic credentials

Find your OTLP endpoint

Refer to New Relic’s OTLP documentation to find your region-specific endpoint:

US: https://otlp.nr-data.net
EU: https://otlp.eu01.nr-data.net

Save this endpoint URL.

Create ingest license key

Go to [your user menu] > API Keys
Click Create a key
Select Key Type = Ingest - License
Enter a descriptive name and optional note
Click Create a key
Copy the API key immediately (it won’t be shown again)

Create metric stream

auth0 api post metric-streams \
  --data '{
    "name": "newrelic-production",
    "subscriptions": [{ "metric_type": "metrics_bridge.api_request" }],
    "destination": {
      "type": "otlp",
      "configuration": {
        "endpoint": "YOUR_NEW_RELIC_ENDPOINT",
        "protocol": "http",
        "auth_type": "api_key",
        "api_key": "YOUR_INGEST_LICENSE_KEY",
        "auth_header_name": "api-key"
      }
    }
  }'

Set up Splunk

Stream Auth0 metrics to Splunk Observability Cloud using OpenTelemetry Protocol (OTLP).

Get Splunk credentials

Find your OTLP endpoint

Refer to Splunk’s OTLP HTTP Exporter documentation to find your endpoint.The endpoint format is:

https://ingest.<REALM>.signalfx.com/v2/datapoint/otlp

Replace <REALM> with your Splunk realm (e.g., us1, eu0, jp0).

Create access token

Navigate to Settings > Access Tokens > New Token
Enter a descriptive name
Set Authorization Scope to INGEST (required)
Set token expiration
Click Create
Copy and securely store the token value

Create metric stream

auth0 api post metric-streams \
  --data '{
    "name": "splunk-production",
    "subscriptions": [{ "metric_type": "metrics_bridge.api_request" }],
    "destination": {
      "type": "otlp",
      "configuration": {
        "endpoint": "YOUR_SPLUNK_ENDPOINT",
        "protocol": "http",
        "auth_type": "api_key",
        "api_key": "YOUR_SPLUNK_ACCESS_TOKEN",
        "auth_header_name": "X-SF-TOKEN"
      }
    }
  }'

Understand metric cardinality

Cardinality refers to the number of unique time series generated by your metrics. Higher cardinality increases monitoring costs.

Tag	Cardinality	Impact
`api`	Low	2 unique values (Authentication, Management)
`operation_name`	Medium	Varies by API operations used
`operation_result`	Low	2 unique values (Success, Failure)
`tenant`	Medium	1 per Auth0 tenant
`failure_code`	Low	3 unique values (only on failures)
`country_code`	Medium-High	Varies by geographic distribution
`client_id`	High	1 per application client
`connection_id`	High	1 per identity provider connection
`grant_type`	Low	Limited OAuth 2.0 grant types
`batch_seq`	Low	Temporary tag (removed after Beta)

Use client_id and connection_id tags carefully. In environments with many applications or connections, these tags can significantly increase costs. Consider filtering to specific clients or aggregating these tags if detailed granularity isn’t required.

Troubleshooting

Metrics not appearing

Check stream status:

auth0 api get /api/v2/metric-streams/YOUR_STREAM_ID

Verify the status field is enabled. Verify destination credentials:

Datadog: Confirm your API key is valid and the site URL matches your Datadog region
OTLP destinations: Verify endpoint URL, authentication token, and header name are correct

Check for edge caching: Remember that cached requests and WAF-blocked requests are not included in metric streams.

High monitoring costs

If you’re seeing unexpectedly high costs:

Review which tags you’re using in queries and dashboards
Consider removing client_id and connection_id from aggregations
Use sampling or filtering in your monitoring platform to reduce ingested metrics
Aggregate by higher-level tags like api and operation_result instead of granular tags

Deployment

Monitoring

​Metric Streams (Beta)

​What you can monitor

​Use cases

​Identify rate limit issues

​Troubleshoot API failures

​Plan capacity

​Prerequisites

​Metric reference

​auth0.api_request.count

​Available tags

​Enum values

​Supported destinations

Datadog

Grafana Cloud

New Relic

Splunk

​Coming soon

​Set up Datadog

​Prerequisites

​Create metric stream

​Verify in Datadog

​Manage streams

​Set up Grafana Cloud

​Get Grafana Cloud credentials

​Create metric stream

​Set up New Relic

​Get New Relic credentials

​Create metric stream

​Set up Splunk

​Get Splunk credentials

​Create metric stream

​Understand metric cardinality

​Troubleshooting

​Metrics not appearing

​High monitoring costs

Metric Streams (Beta)

What you can monitor

Use cases

Identify rate limit issues

Troubleshoot API failures

Plan capacity

Prerequisites

Metric reference

auth0.api_request.count

Available tags

Enum values

Supported destinations

Coming soon

Set up Datadog

Prerequisites

Create metric stream

Verify in Datadog

Manage streams

Set up Grafana Cloud

Get Grafana Cloud credentials

Create metric stream

Set up New Relic

Get New Relic credentials

Create metric stream

Set up Splunk

Get Splunk credentials

Create metric stream

Understand metric cardinality

Troubleshooting

Metrics not appearing

High monitoring costs