How do I generate an API Token programmatically?

The Okta API requires a token that can be created here:

they expire in 30 days, I guess they are not mean to be used in real applications unless they can be obtained programmatically? How do I do that?


EDIT: wait, reading again, sounds like they expire 30 days after they were last used (not after creation date), should be fine then.

You’re correct. They are only automatically revoked if they’re not used. And, there is no way to get an API token programmatically. They must be created in the admin console for the sake of security.

@bigcat Out of curiosity, which Okta APIs are you calling in your code?

the users API using this:

Hi – just to follow up and confirm: if I use Okta to log in to my web app and it uses the domain together with client id and secret to make it all work, then, if I want to assign different permissions inside my app depending on which group the user belongs to on Okta then I need the API token and this needs to be created manually?

For context I’m using the REST API (i.e no lib), I get the user id from the id token (the “sub” field) and then use it with $domain/api/v1/users/$userId/groups to get the user’s groups. This last query needs an API token.