Risk Providers

The Risk Providers API enables you to manage the Risk Providers within Okta. See Third-party risk provider integration for guidance on integrating third-party risk providers with Okta.

Note: This API will be deprecated on December 31, 2024. Use the SSF Receiver API instead to receive security-related events and other data-subject signals. Also, use the SSF Security Event Tokens API for third-party security event providers.

List all Risk Providers
Early Access
OAuth 2.0: okta.riskProviders.read

Lists all Risk Provider objects

Responses
200

OK

403

Forbidden

429

Too Many Requests

get/api/v1/risk/providers
Request samples 
Response samples 
application/json
[]
Create a Risk Provider
Early Access
OAuth 2.0: okta.riskProviders.manage
Creates a Risk Provider object. A maximum of three Risk Provider objects can be created.


Request 
Request Body schema: application/json
required
name
required
string  <= 50 characters 
Name of the risk provider


 
clientId
required
string
The ID of the OAuth service app that is used to send risk events to Okta


 
action
required
string (RiskProviderAction) 
 Default:  "log_only"
Action taken by Okta during authentication attempts based on the risk events sent by this provider


 Enum: Description
log_only
Include risk event information in the System Log


none
No action


enforce_and_log
Use risk event information to evaluate risks during authentication attempts and include risk event information in the System Log


 
Responses 
201
Created


400
Bad Request


403
Forbidden


429
Too Many Requests


post/api/v1/risk/providers
Request samples 
application/json
{
  • "name": "Risk-Partner-X",
  • "action": "log_only",
  • "clientId": "00ckjsfgjkdkjdkkljjsd"
}
Response samples 
application/json
{}
Retrieve a Risk Provider
Early Access
OAuth 2.0: okta.riskProviders.read
Retrieves a Risk Provider object by ID


Request 
path Parameters
riskProviderId
required
string
id of the Risk Provider object


 
 Example:  00rp12r4skkjkjgsn
Responses 
200
OK


403
Forbidden


404
Not Found


429
Too Many Requests


get/api/v1/risk/providers/{riskProviderId}
Request samples 
Response samples 
application/json
{}
Replace a Risk Provider
Early Access
OAuth 2.0: okta.riskProviders.manage
Replaces the properties for a given Risk Provider object ID


Request 
path Parameters
riskProviderId
required
string
id of the Risk Provider object


 
 Example:  00rp12r4skkjkjgsn
Request Body schema: application/json
required
name
required
string  <= 50 characters 
Name of the risk provider


 
clientId
required
string
The ID of the OAuth service app that is used to send risk events to Okta


 
action
required
string (RiskProviderAction) 
 Default:  "log_only"
Action taken by Okta during authentication attempts based on the risk events sent by this provider


 Enum: Description
log_only
Include risk event information in the System Log


none
No action


enforce_and_log
Use risk event information to evaluate risks during authentication attempts and include risk event information in the System Log


 
Responses 
200
OK


400
Bad Request


403
Forbidden


404
Not Found


429
Too Many Requests


put/api/v1/risk/providers/{riskProviderId}
Request samples 
application/json
{
  • "name": "Risk-Partner-Y",
  • "action": "enforce_and_log",
  • "clientId": "00ckjsfgjkdkjdkkljjsd"
}
Response samples 
application/json
{}
Delete a Risk Provider
Early Access
OAuth 2.0: okta.riskProviders.manage
Deletes a Risk Provider object by its ID


Request 
path Parameters
riskProviderId
required
string
id of the Risk Provider object


 
 Example:  00rp12r4skkjkjgsn
Responses 
204
No Content


403
Forbidden


404
Not Found


429
Too Many Requests


delete/api/v1/risk/providers/{riskProviderId}
Request samples 
Response samples 
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}