API Service Accounts

In the Rest API documentation I found the following concerning creating service accounts. However I cannot find any documentation or otherwise in the Okta dashboard how to create a service account with specific REST API permissions. The specific permission I want to grant is Read-only on the “logs” endpoint. Any guidance would be appreciated. Thanks


Token Best Practice: Service Account

API tokens inherit the API access of the user who creates them, so we recommend you create a “service account” user with only the permission levels you need for the token to perform the API tasks you require.

I believe “service account” means it’s an Okta user account but not used by a real human in the normal sense. For example, alice.smith@example.com is a normal user account, while api.service.account@example.com is for creating the api token and limiting access of that token.

In our case, we used a group email address for the service account so messages are sent to multiple people in the company.