Api token to access small number of speciic apis

akshar · January 5, 2022, 12:59pm

Dear team
I am suppose to use the below mentioned apis to query OKTA and also to send push notification the user device

/api/v1/users?q=user → to find user based on certain filter
/api/v1/users//factors → get the factors associated with a user
/api/v1/users//factors//verify → to send push to the user device

I want to create API token which can access only these apis and nothing else .I dont want to use “organizational Administator API token”.

Thanks and regards
Akshar

phi1ipp · January 9, 2022, 12:11am

Unfortunately it’s not possible exactly you describe it. Tokens are attached to administrator users, so the only way is to create an administrative user with required (close to required) functions available.

You can try “HelpDesk” administrator privs, but I’m not 100% sure they are allowed to do factor stuff (though they can do factors reset). If that does not work, then you’ll be left with Group Admin privs w/o scoping to a specific group.

Post		Replies	Views
How to lock down an API token to only access what our application needs Questions	22	5859	July 26, 2023
API Token of other user Questions	2	3651	October 17, 2019
Factors API - API Token Permissions? OAuth/OIDC	3	3301	June 22, 2021
Public API to List all API tokens for users Questions	2	2337	August 12, 2022
Create API tokens for my app like github OAuth/OIDC	3	3397	September 24, 2020

Api token to access small number of speciic apis

Related topics