On This Page

Most Okta API endpoints require that you include an API token with your request. Currently, this API token takes the form of an SSWS token that you generate in the Admin Console. With OAuth for Okta, you are able to interact with Okta APIs using scoped OAuth 2.0 access tokens. Each access token enables the bearer to perform specific actions on specific Okta endpoints, with that ability controlled by which scopes the access token contains.

Important: You request an access token by making a call to your Okta Org Authorization Server /authorize endpoint. Only the Org Authorization Server can mint access tokens that contain Okta API scopes. See Which authorization server should you use.

Scoped access tokens have a number of advantages, including:

  • More access granularity
  • Shorter token lifespans
  • Can be generated and retrieved using an API


To use this guide, you need the following:

Note: At this time, OAuth for Okta works only with the APIs listed in the Scopes and supported endpoints section. We are actively working towards supporting additional APIs. Our goal is to cover all public Okta API endpoints.


If you need help or have an issue, post a question on the Okta Developer Forum (opens new window).