A machine-to-machine (M2M) application and a Resource Server (API) were created in Auth0 and authorized the M2M app for this API.

When trying to get an Access Token through a client credentials exchange, the following error is received:

Service not enabled within domain: "API_IDENTIFIER"

• Machine-to-Machine (M2M) Application
• Access Token

When creating the Resource Server (API) in Auth0, the audience that was sent had a blank space/whitespace in front of the identifier. 

"body": {
    "name": "API NAME",
    "identifier": " https://auth0.example.com/",
    "signing_alg": "RS256"
  }

When a client credentials exchange is attempted, the audience is not recognized due to the extra space, hence the error: Service not enabled within the domain.

NOTE: The same could happen if trying to make a client credentials exchange, and in the POST to the '/oauth/token' endpoint, a blank space/whitespace is inadvertently added in front of the audience. The same error will occur. 

The Resource Server/API identifier is set upon API creation. It cannot be modified afterward, so create a new one with the correct identifier, eliminating the extra space, and delete the previous one.

Alternatively, if the issue was an added whitespace in front of the audience sent for the client credentials exchange, remove the extra space, and it should work.