Bot Protection

Provides operations to manage the bot protection configuration for your org.

Bot protection helps prevent automated attacks by detecting bots and triggering enforcement during user sign-in flows, self-service registration, and self-service password recovery flows.

Retrieve the bot protection configuration
Early Access
OAuth 2.0 scope:
  • okta.botProtection.read

Retrieves the bot protection configuration for your org

Responses
  • 200: OK
  • 403: Forbidden
  • 429: Too Many Requests

GET /api/v1/bot-protection/configuration
Response samples
application/json
{}

Update the bot protection configuration
Early Access
OAuth 2.0 scope:
  • okta.botProtection.manage

Updates the bot protection configuration for your org

Request
Request Body schema: application/json (required)

level (required)
string (BotProtectionLevel)

The sensitivity level of bot detection

Enum: Description
  • HIGH: High - Flags only high-confidence bot requests. Prioritizes a frictionless user experience.
  • MEDIUM: Medium and above - Flags moderate and high-confidence bot requests. Balances user experience and security.
  • LOW: Low and above - Flags low-confidence bot requests. Prioritizes rigorous security.
  • ANY: Always flags all requests to trigger enforcement settings, regardless of the bot-likelihood confidence level.

mode (required)
string (BotProtectionMode)

The enforcement mode for bot protection

Enum: Description
  • DISABLED: Bot protection is disabled
  • LOG_ONLY: Bot detection events are logged but not enforced
  • ENFORCED: Enforcement is applied to events where bots are detected

enforcementType
string (BotProtectionEnforcementType)

The type of enforcement to trigger when a bot is detected

Value: Description
  • OKTA_CHALLENGE: The Okta built-in challenge mechanism

supportedFlows
Array of strings (BotProtectionSupportedFlow)

An array of authentication flows that have bot protection enabled

Items Enum: Description
  • SIGN_IN: User sign-in page
  • SSPR: Self-Service Password Recovery page
  • SSR: Self-Service Registration page

Responses
  • 200: OK
  • 400: Bad Request
  • 403: Forbidden
  • 429: Too Many Requests

POST /api/v1/bot-protection/configuration
Request samples
application/json
{
  "level": "LOW",
  "mode": "LOG_ONLY",
  "supportedFlows": [
    "SIGN_IN",
    "SSR",
    "SSPR"
  ]
}
Response samples
application/json
{}
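
The following is an added example, not Okta's own code: it checks a configuration body against the enums in the schema above, lists what the configuration leaves unenforced or uncovered, and builds the update request without sending it. The function names, the org URL, the token, and the use of a Bearer token for the OAuth 2.0 scope are assumptions.

```python
import json
from urllib.request import Request

# Enum values copied from the request body schema on this page.
LEVELS = ("HIGH", "MEDIUM", "LOW", "ANY")
MODES = ("DISABLED", "LOG_ONLY", "ENFORCED")
ENFORCEMENT_TYPES = ("OKTA_CHALLENGE",)
FLOWS = ("SIGN_IN", "SSPR", "SSR")
PATH = "/api/v1/bot-protection/configuration"

# The page's own request sample.
SAMPLE = {"level": "LOW", "mode": "LOG_ONLY",
          "supportedFlows": ["SIGN_IN", "SSR", "SSPR"]}

def validate(cfg):
    """Return a list of schema errors (empty when the body is valid)."""
    errors = []
    for field, allowed in (("level", LEVELS), ("mode", MODES)):
        if field not in cfg:
            errors.append(f"{field}: required")
        elif cfg[field] not in allowed:
            errors.append(f"{field}: {cfg[field]!r} is not one of {allowed}")
    if cfg.get("enforcementType", "OKTA_CHALLENGE") not in ENFORCEMENT_TYPES:
        errors.append(f"enforcementType: {cfg['enforcementType']!r} is not supported")
    flows = cfg.get("supportedFlows", [])
    if not isinstance(flows, list):
        errors.append("supportedFlows: must be an array")
    else:
        errors += [f"supportedFlows: unknown flow {f!r}" for f in flows if f not in FLOWS]
    return errors

def coverage_gaps(cfg):
    """List what a valid configuration leaves unenforced or uncovered."""
    gaps = []
    if cfg["mode"] != "ENFORCED":
        gaps.append(f"mode {cfg['mode']}: detections are not enforced")
    gaps += [f"flow {f}: not covered" for f in FLOWS
             if f not in cfg.get("supportedFlows", [])]
    return gaps

def build_update(org_url, token, cfg):
    """Build (but do not send) the POST request; reject invalid bodies."""
    errors = validate(cfg)
    if errors:
        raise ValueError("; ".join(errors))
    return Request(org_url.rstrip("/") + PATH, data=json.dumps(cfg).encode(),
                   method="POST",
                   headers={"Authorization": f"Bearer {token}",
                            "Content-Type": "application/json"})
```

Run against the page's request sample, `coverage_gaps` reports that LOG_ONLY mode leaves detections unenforced even though all three flows are listed.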