This article explains how to block user signups via API while allowing them through Universal Login using an Action script.

• Actions
• Pre-User Registration

To block signups initiated directly via the API while allowing those through Universal Login, use an Action script triggered by a Pre-User Registration event. Signups through Universal Login include a transaction object in the event data, whereas direct API requests to the /dbconnections/signup endpoint does not.

1. Go to the Auth0 dashboard and select Actions > Triggers > Pre-User Registration.

2. Create a new Action and enter the following code to deny access if the event.transaction object is missing:

exports.onExecutePreUserRegistration = async (event, api) => {
  if (!event.transaction) {
    return api.access.deny('signup_via_api_not_allowed', 'API signup is not allowed.');
  }
};

3. Deploy the Action and add it to the Pre-User Registration flow.

NOTE: The Disable Sign Ups option in the database connection settings must remain disabled. If enabled, it blocks all signups regardless of the source.