Risk Events

The Risk Events API provides the ability for third-party risk providers to send risk events to Okta. See Third-party risk provider integration for guidance on integrating third-party risk providers with Okta.

Note: This API will be deprecated on December 31, 2024. Use the SSF Receiver API instead to receive security-related events and other data-subject signals. Also, use the SSF Security Event Tokens API for third-party security event providers.

Send multiple Risk Events
Early Access
OAuth 2.0: okta.riskEvents.manage

Sends multiple IP risk events to Okta. This request is used by a third-party risk provider to send IP risk events to Okta. The third-party risk provider needs to be registered with Okta before they can send events to Okta. See Risk Providers. This API has a rate limit of 30 requests per minute. You can include multiple risk events (up to a maximum of 20 events) in a single payload to reduce the number of API calls. Prioritize sending high risk signals if you have a burst of signals to send that would exceed the maximum request limits.

Request
Request Body schema: application/json
required
Array
required
Array of objects (RiskEventSubject)

List of Risk Event Subjects

Array
ip
required
string

The risk event subject IP address (either an IPv4 or IPv6 address)

riskLevel
required
string (RiskEventSubjectRiskLevel)

The risk level associated with the IP

Enum: "HIGH" "LOW" "MEDIUM"
message
string <= 512 characters ^[a-zA-Z0-9 .\-_]*$

Additional reasons for the risk level of the IP

expiresAt
string <date-time>

Timestamp at which the event expires (expressed as a UTC time zone using ISO 8601 format: yyyy-MM-ddTHH:mm:ss.SSSZ). If this optional field is not included, Okta automatically expires the event 24 hours after the event is consumed.

timestamp
string <date-time>

Timestamp of when the event is produced (expressed as a UTC time zone using ISO 8601 format: yyyy-MM-ddTHH:mm:ss.SSSZ)

Responses
202

Accepted

400

Bad Request

403

Forbidden

429

Too Many Requests

post/api/v1/risk/events/ip
Request samples
application/json
[
  • {
    • "timestamp": "2021-01-20T00:00:00.001Z",
    • "subjects": [
      ]
    },
  • {
    • "timestamp": "2021-01-20T01:00:00.001Z",
    • "subjects": [
      ]
    }
]
Response samples
application/json
{
  • "errorCode": "E0000001",
  • "errorSummary": "Api validation failed: {0}",
  • "errorLink": "E0000001",
  • "errorId": "sampleiCF-8D5rLW6myqiPItW",
  • "errorCauses": [ ]
}