I have built an Okta client application by using the Okta API endpoints. The client app that I have generated is authenticating a username and password (/authn endpoint) without even providing the API token. Is this approach correct? Whereas for other API endpoints, it throws an error saying invalid token.
Since the /authn endpoint is used for user authentication (instead of admin actions), it does not require the use of an API token. The user can use the /authn endpoint to get back a sessionToken so they can start their Okta session, but they won’t be able to call Okta’s management endpoints the way an Admin can with an API token (such as to create groups, users, apps, etc.).
1 Like
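The split described in the answer, as an added Python sketch that is not part of the original posts or Okta's own code: the authentication request carries credentials but no API token, while a management request refuses to be built without one. Assumptions: the `example.okta.com` org URL is a placeholder, the full paths `/api/v1/authn` and `/api/v1/users`, the `SSWS` authorization scheme and the `status` values are taken from Okta's public API rather than from this thread, and the sample responses are constructed.

```python
import json
import urllib.request

# Assumption: placeholder org URL; substitute your own Okta domain.
OKTA_ORG = "https://example.okta.com"
JSON_HEADERS = {"Accept": "application/json", "Content-Type": "application/json"}


def build_authn_request(username, password):
    """User authentication: credentials in the body, no API token attached."""
    body = json.dumps({"username": username, "password": password}).encode()
    return urllib.request.Request(
        f"{OKTA_ORG}/api/v1/authn", data=body, method="POST", headers=JSON_HEADERS
    )


def build_management_request(path, api_token):
    """Admin call (users, groups, apps): must carry an SSWS API token."""
    if not api_token:
        raise ValueError("management endpoints require an API token")
    headers = dict(JSON_HEADERS, Authorization=f"SSWS {api_token}")
    return urllib.request.Request(f"{OKTA_ORG}{path}", method="GET", headers=headers)


def session_token_from(response_body):
    """Return sessionToken only when the authn transaction fully succeeded."""
    doc = json.loads(response_body)
    if doc.get("status") != "SUCCESS":
        return None  # e.g. MFA_REQUIRED: no session token has been issued yet
    return doc.get("sessionToken")


# Constructed sample responses (not captured from a real org).
SAMPLE_SUCCESS = '{"status": "SUCCESS", "sessionToken": "constructed-session-token"}'
SAMPLE_MFA = '{"status": "MFA_REQUIRED", "stateToken": "constructed-state-token"}'
```

Keeping the API token out of `build_authn_request` means the admin credential never needs to be present in code that handles end-user logins.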