On This Page

Before you begin

Note: Okta's Developer Edition makes most key developer features available by default for testing purposes. Okta's API Access Management product — a requirement to use Custom Authorization Servers — is an optional add-on in production environments.

This guide shows you how to add Okta authentication to your API endpoints. When you've finished following the steps, clients will need a token generated by Okta to call your protected endpoints.

These steps apply to back-end APIs that are serving single-page apps or mobile apps that use Okta to sign users in. If you are building a web app that is served by a server framework, see Sign users in to your web app.

This guide assumes that you:

If you don't have an existing app, or are new to building apps, start with this documentation:

Instructions for


If you need help or have an issue, post a question on the Okta Developer Forum (opens new window).