The Risk Events API provides the ability for third-party risk providers to send risk events to Okta. See Third-party risk provider integration for guidance on integrating third-party risk providers with Okta.
Note: This API will be deprecated on December 31, 2024. Use the SSF Receiver API instead to receive security-related events and other data-subject signals. Also, use the SSF Security Event Tokens API for third-party security event providers.
okta.riskEvents.manageSends multiple IP risk events to Okta. This request is used by a third-party risk provider to send IP risk events to Okta. The third-party risk provider needs to be registered with Okta before they can send events to Okta. See Risk Providers. This API has a rate limit of 30 requests per minute. You can include multiple risk events (up to a maximum of 20 events) in a single payload to reduce the number of API calls. Prioritize sending high risk signals if you have a burst of signals to send that would exceed the maximum request limits.
Accepted
Bad Request
Forbidden
Too Many Requests
[- {
- "timestamp": "2021-01-20T00:00:00.001Z",
- "subjects": [
- {
- "ip": "6.7.6.7",
- "riskLevel": "MEDIUM"
}, - {
- "ip": "1.1.1.1",
- "riskLevel": "HIGH",
- "message": "Detected Attack tooling and suspicious activity"
}
]
}, - {
- "timestamp": "2021-01-20T01:00:00.001Z",
- "subjects": [
- {
- "ip": "6.7.6.7",
- "riskLevel": "LOW"
}, - {
- "ip": "2.2.2.2",
- "riskLevel": "HIGH"
}
]
}
]{- "errorCode": "E0000001",
- "errorSummary": "Api validation failed: {0}",
- "errorLink": "E0000001",
- "errorId": "sampleiCF-8D5rLW6myqiPItW",
- "errorCauses": [ ]
}