On This Page
Okta API tokens are used to authenticate requests to Okta APIs.
When calling an Okta API endpoint, you need to supply a valid API token in the HTTP
Authorization header, with a valid token specified as the header value. The value needs to be prefixed with the identifier
SSWS, which specifies the proprietary authentication scheme Okta uses. For example:
Authorization: SSWS 00QCjAl4MlV-WPXM...0HmjFx-vbGua
Different Okta API operations require different admin privilege levels. API tokens inherit the privilege level of the admin account used to create them. It is therefore good practice to create a service account to use when you create API tokens so that you can assign the token the specific privilege level needed. See Administrators (opens new window) for admin account types and the specific privileges of each.
As an alternative to Okta API tokens, you can now interact with Okta APIs using scoped OAuth 2.0 access tokens for a number of Okta endpoints. Each access token enables the bearer to perform specific actions on specific Okta endpoints, with that ability controlled by which scopes the access token contains. For more information, see the OAuth for Okta guide.
If you need help or have an issue, post a question in our Developer Forum (opens new window).