Api token to access small number of speciic apis

Dear team
I am suppose to use the below mentioned apis to query OKTA and also to send push notification the user device

/api/v1/users?q=user → to find user based on certain filter
/api/v1/users//factors → get the factors associated with a user
/api/v1/users//factors//verify → to send push to the user device

I want to create API token which can access only these apis and nothing else .I dont want to use “organizational Administator API token”.

Thanks and regards
Akshar

Unfortunately it’s not possible exactly you describe it. Tokens are attached to administrator users, so the only way is to create an administrative user with required (close to required) functions available.

You can try “HelpDesk” administrator privs, but I’m not 100% sure they are allowed to do factor stuff (though they can do factors reset). If that does not work, then you’ll be left with Group Admin privs w/o scoping to a specific group.