Create API token and service account


#1

Is it possible to use an API token for an application that will use some of the endpoints my API expose?
I did not find much on API Token documentation. Is this intended for this use? If so, assuming that the application has that api token then when sending to the API what the API should do in order to either validate that token or call to another okta endpoint to make sure the token is valid?

Thanks


#2

You can’t use the API Token to protect your endpoints.
Okta API tokens are used to authenticate requests to the “Okta API” just like HTTP cookies authenticate requests to the Okta Application with your browser.

Reference - https://support.okta.com/help/Documentation/Knowledge_Article/API-54325410

If you need to protect your own API endpoints, you should use API Access Management - https://developer.okta.com/use_cases/api_access_management/


#3

Thanks for your answer.