Risk Providers

The Risk Providers API enables you to manage the Risk Providers within Okta. See Third-party risk provider integration for guidance on integrating third-party risk providers with Okta.

Note: This API will be deprecated on December 31, 2024. Use the SSF Receiver API instead to receive security-related events and other data-subject signals. Also, use the SSF Security Event Tokens API for third-party security event providers.

List all risk providers
Early Access
OAuth 2.0: okta.riskProviders.read

Lists all risk provider objects

Responses
200

OK

403

Forbidden

429

Too Many Requests

get/api/v1/risk/providers
Request samples
Response samples
application/json
[]

Create a risk provider
Early Access
OAuth 2.0: okta.riskProviders.manage

Creates a risk provider object. You can create a maximum of three risk provider objects.

Request
Request Body schema: application/json
required
name
required
string <= 50 characters

Name of the risk provider

clientId
required
string

The ID of the OAuth 2.0 service app that's used to send risk events to Okta

action
required
string (RiskProviderAction)
Default: "log_only"

Action taken by Okta during authentication attempts based on the risk events sent by this provider

Enum: Description
log_only

Include risk event information in the System Log

none

No action

enforce_and_log

Use risk event information to evaluate risks during authentication attempts and include risk event information in the System Log

Responses
201

Created

400

Bad Request

403

Forbidden

429

Too Many Requests

post/api/v1/risk/providers
Request samples
application/json
{
  • "name": "Risk-Partner-X",
  • "action": "log_only",
  • "clientId": "00ckjsfgjkdkjdkkljjsd"
}
Response samples
application/json
{}

Retrieve a risk provider
Early Access
OAuth 2.0: okta.riskProviders.read

Retrieves a risk provider object by ID

Request
path Parameters
riskProviderId
required
string

id of the risk provider object

Example: 00rp12r4skkjkjgsn
Responses
200

OK

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/risk/providers/{riskProviderId}
Request samples
Response samples
application/json
{}

Replace a risk provider
Early Access
OAuth 2.0: okta.riskProviders.manage

Replaces the properties for a given risk provider object ID

Request
path Parameters
riskProviderId
required
string

id of the risk provider object

Example: 00rp12r4skkjkjgsn
Request Body schema: application/json
required
name
required
string <= 50 characters

Name of the risk provider

clientId
required
string

The ID of the OAuth 2.0 service app that's used to send risk events to Okta

action
required
string (RiskProviderAction)
Default: "log_only"

Action taken by Okta during authentication attempts based on the risk events sent by this provider

Enum: Description
log_only

Include risk event information in the System Log

none

No action

enforce_and_log

Use risk event information to evaluate risks during authentication attempts and include risk event information in the System Log

Responses
200

OK

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

put/api/v1/risk/providers/{riskProviderId}
Request samples
application/json
{
  • "name": "Risk-Partner-Y",
  • "action": "enforce_and_log",
  • "clientId": "00ckjsfgjkdkjdkkljjsd"
}
Response samples
application/json
{}

Delete a risk provider
Early Access
OAuth 2.0: okta.riskProviders.manage

Deletes a risk provider object by its ID

Request
path Parameters
riskProviderId
required
string

id of the risk provider object

Example: 00rp12r4skkjkjgsn
Responses
204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

delete/api/v1/risk/providers/{riskProviderId}
Request samples
Response samples
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}