The Okta Identity Governance API supports two authentication models:

OAuth 2.0 and OpenID Connect is strongly recommended.

OAuth 2.0 and OpenID Connect

You can interact with Okta Identity Governance APIs using scoped OAuth 2.0 access tokens. Each access token enables the bearer to perform specific actions on specific Okta endpoints, with that ability controlled by the scopes that the access token contains. See OAuth 2.0 for Okta APIs for general information, and the API reference for each Identity Governance operation for the applicable scopes.

API token

This requires the custom HTTP authentication scheme SSWS for authentication. All requests must have a valid API key specified in the HTTP Authorization header with the SSWS scheme.

Authorization: SSWS 00QCjAl4MlV-WPXM...0HmjFx-vbGua

Note: See Obtaining a token for instructions on how to get an API key for your organization.

The API key (API token) isn't interchangeable with an Okta session token, access tokens, or ID tokens used with OAuth 2.0 and OpenID Connect.