API error "invalid session"

rhornsby · February 3, 2025, 9:23pm

This has to be a stupid question, but I’m trying to use cURL to call the Okta API just as shown in the examples in the API docs[1]:

curl -i -X GET \
  https://subdomain.okta.com/api/v1/apps \
  -H 'Authorization: YOUR_API_KEY_HERE'

so, I naturally get:

╰─○ curl -X GET \
  "https://my_okta_domain.okta.com/api/v1/apps/" \
  -H "Authorization: $OKTA_API_TOKEN"

but it errors out {"errorCode":"E0000005","errorSummary":"Invalid session","errorLink":"E0000005","errorId":"some-random-string-here","errorCauses":[]}

The specific API call (in the example here, “list applications”) doesn’t seem to matter.

$OKTA_API_TOKEN is valid because Terraform uses it and can talk to Okta. I’ve seen some suggestions that the Authorization header value needs to contain the string (literal?) SWSS for some reason, but that doesn’t work either.

I’ve also tried to use the postman collection and am getting the same error. This can’t be that hard, I must be missing something obvious?

thanks

[1] Applications

andrea · February 3, 2025, 9:26pm

if you are passing a static API token generated in the admin UI (at Security → API → Tokens), then yes, your Authorization header value should be set to SSWS YOUR_API_TOKEN. (note that its SSWS not SWSS)

rhornsby · February 3, 2025, 9:30pm

Thanks the prompt reply. You’re right, I needed to use SSWS in the Authorization header.

system · February 4, 2025, 9:31pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Post		Replies	Views
Okta API call using API Key throws 403 Error API	4	6636	March 25, 2021
Cannot use Okta through Postman or SDK Questions	10	5702	June 17, 2021
Okta session not validating Questions	9	1688	October 16, 2023
Invalid Token error Questions	2	5584	January 24, 2024
Get User API is giving invalid token error OAuth/OIDC	2	4853	March 11, 2022

API error "invalid session"

Related topics