An Okta Privileged Access service user is used to access the Okta Privileged Access API. Each service user is provided tokens, which authenticate and authorize against the service.
Most calls to the Okta Privileged Access API require an HTTP Authorization header with a value of Bearer ${AUTH_TOKEN}.
To retrieve an auth token, you need to create an API key for a service user and pass the API key information to this endpoint.
Auth tokens may expire at any time, so code that uses them should be prepared to handle a 401 response code by creating a new auth token.
OK
{
  "key_id": "6052868b-1b04-4a14-8288-e6496d7f2f4b",
  "key_secret": "uF0SoVBVQP/hJmQSLUZdM2a7ArYzjD8ykzvG7n4tKaOEfSErcwMUUDWpEf4Q42/HaVKPZUfILkzy/bsQFv7WRg=="
}
{
  "bearer_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImI4YTAzODA0MTM0NjctNGU5OC04ZDU2LTAxNDRlNGNkMGViMCIsInR5cCI6IkpXVCJ9eeyJleHAiOjE0NzY4MTE1OTAsImlzcyI6InNjYWxlZnQuYXV0aC50b2tlbiIsImp0aSI6IjA0YjRhNTE4LWU5YzYtNDc1My05YWY4LThlOTAwNjVjNjX5YSIsInJvbGVzIjp7IjE0NzY4MTE1OTAiOm51bGx9LCJ0ZWFtIjoic2NhbGVmdCIsInVzZXIiOiJyb2JvdF9ydXNzZWxsIn0.pHuv06Q1-sKjHrGXUzQi-uM7AAG3K1Q6RyukyuR2Py6QHwLot1uZmZt4wrBo6tQRCl3RjHBKGcDmEfBZ6_gFucksFMkINTU3sIDmOvSAChopraXjfYh0KarEDmDnIMsEPl7FVhl4N_I0yLK9O5XSS07AvAc-7RRD8dupe7inDITCHEvoJ16osgL1IzoDvc7ZPDj8-xhJ_kAsKc-vJ5WYESAlCFx_fixedM43Apg2TySNE5nSeJFCa02F4ViZleY7K2l4h_p143DzVZjWEBeKmyQVRXhbZzL6HwONOckham_LHuSrP_sOtVc7BrFwmZq2NZtXEOWyQWfJ4Yp0qg8NzV2LhKLc4LookQuilt8OA8jyEeTabu3Rq9zp0y-FodMg64qfWcPSu53HiwYC9dags5zhXa8zuZRcPMO_orCPVYnmO761xAfsp-P8aJJZDqpxlzKA0s-ClBegunC5C9Xq5snIq-f4hT45u8ldBfAr6dLkDO8BdPMTeutH52bTWX3iJ1ipW1YqMefJhPMzBHLwnJ3SYWN7WTEuRyoC6ndQ60PcEzsPJYAO5MxdY4WsnYOqv3aIryuTlwW3K0dNqcvBSirdar5X7AvidO-XLSXXrY134BogaLBze7FwVYwH7ZhzBdX-DwsUwQsJ7R0mRWxpNnhGu7NjkbB0-QJs",
  "expires_at": "2016-10-18T17:26:30Z",
  "team_name": "scaleft"
}
Lists all service users for your team.
OK
{
  "list": [
    {
      "team_name": "william-faulkner",
      "id": "aa225c16-af6e-4ab4-9150-456fd472e2d7",
      "name": "OPA User",
      "status": "ACTIVE",
      "details": null,
      "user_type": "service",
      "deleted_at": null
    },
    {
      "team_name": "william-faulkner",
      "id": "6b69de4e-90be-4016-9085-d54bf5815da1",
      "name": "A.User",
      "status": "DISABLED",
      "details": null,
      "user_type": "service",
      "deleted_at": null
    }
  ]
}
Creates a service user that can be used to automate interactions with the Okta Privileged Access API.
Created
{
  "name": "OPA User"
}

{
  "deleted_at": null,
  "details": null,
  "id": "aa225c16-af6e-4ab4-9150-456fd472e2d7",
  "name": "OPA User",
  "status": "ACTIVE",
  "team_name": "william-faulkner",
  "user_type": "service"
}
Retrieves a specified service user.
OK
{
  "deleted_at": null,
  "details": null,
  "id": "6b69de4e-90be-4016-9085-d54bf5815da1",
  "name": "A.User",
  "status": "ACTIVE",
  "team_name": "william-faulkner",
  "user_type": "service"
}
Updates a specified service user.
OK
{
  "status": "DISABLED"
}

{
  "deleted_at": null,
  "details": null,
  "id": "6b69de4e-90be-4016-9085-d54bf5815da1",
  "name": "A.User",
  "status": "DISABLED",
  "team_name": "william-faulkner",
  "user_type": "service"
}
Lists all API keys for a specified service user. This doesn't return the corresponding secret for each API key.
OK
{
  "list": [
    {
      "id": "c6de9d40-1e6c-4033-88cb-992367d162eb",
      "issued_at": "2020-04-07T02:00:00Z",
      "expires_at": "0001-01-01T00:00:00Z",
      "last_used": null
    },
    {
      "id": "f37fadfc-fa03-4f46-a390-ce202772cff4",
      "issued_at": "2020-04-07T00:00:00Z",
      "expires_at": "2020-04-09T00:00:00Z",
      "last_used": null
    }
  ]
}
Rotates all API keys for a specified service user. This also sets an expiration date for the existing API keys.
OK
{
  "expires_at": "0001-01-01T00:00:00Z",
  "id": "ba7ffbe9-c8e4-45c9-bc07-45729711c952",
  "issued_at": "2020-04-07T00:00:00Z",
  "last_used": null,
  "secret": "NOvsvBg0g9mFXdHbLxEJcEFpu+LZjQSKsYezqMALq5WbGZTpUsxoS4vBqqHOO9O3xrhOq03B+oLf7bSTShbudw=="
}
Deletes an API key for a service user. The service user can no longer authenticate with this API key.
No Content