Okta Management

Authentication

OAuth 2.0 access token

You can access Okta APIs with scoped OAuth 2.0 access tokens. Each access token enables the bearer to perform specific actions on specific Okta endpoints. The ability to perform these actions are controlled by the scopes that the access token contains. See Implement OAuth for Okta and Implement OAuth for Okta with a service app.

API key

Note: API keys aren't scoped and have full access to all Okta APIs matching the permissions of the administrator that created the key. It's recommended that you use a scoped OAuth 2.0 access token instead.

You can access the Okta API with the custom HTTP authentication scheme SSWS for authentication. All requests must have a valid API key specified in the HTTP Authorization header with the SSWS scheme.

Copy

Copied

Authorization: SSWS 00QCjAl4MlV-WPXM...0HmjFx-vbGua

Note: See Create an API token.

The API key (API token) isn't interchangeable with an Okta session token, access tokens, or ID tokens used with OAuth 2.0 and OpenID Connect.