Risk Providers

The Risk Providers API provides the ability to manage the Risk Providers within Okta. See Third-party risk provider integration for guidance on integrating third-party risk providers with Okta.

List all Risk Providers
OAuth 2.0: okta.riskProviders.read

Lists all Risk Provider objects

Responses
200

OK

403

Forbidden

429

Too Many Requests

get/api/v1/risk/providers
Request samples
Response samples
application/json
[]

Create a Risk Provider
OAuth 2.0: okta.riskProviders.manage

Creates a Risk Provider object. A maximum of three Risk Provider objects can be created.

Request
Request Body schema: application/json
required
action
required
string (RiskProviderAction)
Default: "log_only"

Action taken by Okta during authentication attempts based on the risk events sent by this provider

Enum: Description
log_only

Include risk event information in the System Log

none

No action

enforce_and_log

Use risk event information to evaluate risks during authentication attempts and include risk event information in the System Log

clientId
required
string

The ID of the OAuth service app that is used to send risk events to Okta

name
required
string <= 50 characters

Name of the risk provider

Responses
201

Created

400

Bad Request

403

Forbidden

429

Too Many Requests

post/api/v1/risk/providers
Request samples
application/json
{
  • "name": "Risk-Partner-X",
  • "action": "log_only",
  • "clientId": "00ckjsfgjkdkjdkkljjsd"
}
Response samples
application/json
{}

Retrieve a Risk Provider
OAuth 2.0: okta.riskProviders.read

Retrieves a Risk Provider object by ID

Request
path Parameters
riskProviderId
required
string

id of the Risk Provider object

Example: 00rp12r4skkjkjgsn
Responses
200

OK

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/risk/providers/{riskProviderId}
Request samples
Response samples
application/json
{}

Replace a Risk Provider
OAuth 2.0: okta.riskProviders.manage

Replaces the properties for a given Risk Provider object ID

Request
path Parameters
riskProviderId
required
string

id of the Risk Provider object

Example: 00rp12r4skkjkjgsn
Request Body schema: application/json
required
action
required
string (RiskProviderAction)
Default: "log_only"

Action taken by Okta during authentication attempts based on the risk events sent by this provider

Enum: Description
log_only

Include risk event information in the System Log

none

No action

enforce_and_log

Use risk event information to evaluate risks during authentication attempts and include risk event information in the System Log

clientId
required
string

The ID of the OAuth service app that is used to send risk events to Okta

name
required
string <= 50 characters

Name of the risk provider

Responses
200

OK

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

put/api/v1/risk/providers/{riskProviderId}
Request samples
application/json
{
  • "name": "Risk-Partner-Y",
  • "action": "enforce_and_log",
  • "clientId": "00ckjsfgjkdkjdkkljjsd"
}
Response samples
application/json
{}

Delete a Risk Provider
OAuth 2.0: okta.riskProviders.manage

Deletes a Risk Provider object by its ID

Request
path Parameters
riskProviderId
required
string

id of the Risk Provider object

Example: 00rp12r4skkjkjgsn
Responses
204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

delete/api/v1/risk/providers/{riskProviderId}
Request samples
Response samples
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}