How to Grant Read-Only Access to Okta's Access Request API Without Allowing Write Operations

I would like to grant Okta users permission to hit the read-only API in Okta’s Access Request API, but I can’t find a way to do it. I have tried the following methods:

Grant permission using custom roles => When I hit the Access Request API (e.g. retrieve a request type), I get “You do not have permission to execute requests”.
Grant Access Request Administrator authority => I can hit an API other than read (e.g. create a request type).

I would like to know if it is possible to grant permission to hit the read-only API in Okta’s Access Request API, and if so, how to do it.

Hi Ryuya,

Thank you for reaching out to the Okta Developer Forum. My name is Akash, from Okta, and I will be assisting you with your queries.

With regard to your query, please note that the read-only Access Request APIs like “List all requests” and “Retrieve a request” require two sets of permissions, given below.

OAuth2.0 Scope - okta.governance.accessRequests.read
Admin Role - Access Requests Administrator

If you are using the service application to generate the scoped access token, then please refer to this documentation to assign the given admin role - Implement OAuth for Okta with a service app | Okta Developer

Likewise, please grant the given OAuth2.0 scope to the app by referring to this documentation - Implement OAuth for Okta with a service app | Okta Developer

The given Admin Role and OAuth2.0 Scopes are listed in the API documentation - Requests

Find all the OAuth2.0 Scopes for the Okta Governance API - OAuth 2.0 Scopes

Feel free to let me know if you have any other queries.

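A check a reviewer could run on an access token issued to the service app, confirming that it carries only the read scope named in the answer. This is an added example, not code from the thread or from Okta. It assumes the token is a JWT that lists its scopes in an `scp` claim, decodes the payload for inspection only (no signature verification), and uses constructed sample tokens; the `.manage` scope name is an assumed stand-in for a write scope.

```python
import base64
import json

# Scope named in the answer above; the only scope this service app should hold.
ALLOWED_SCOPES = {"okta.governance.accessRequests.read"}


def decode_claims(jwt: str) -> dict:
    """Decode a JWT payload for inspection only (no signature verification)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_scopes(jwt: str, allowed=ALLOWED_SCOPES) -> dict:
    """Report whether the token is limited to exactly the allowed read scope(s)."""
    scp = decode_claims(jwt).get("scp", [])
    if isinstance(scp, str):  # tolerate a space-delimited scope string
        scp = scp.split()
    granted = set(scp)
    excess = sorted(granted - allowed)   # anything beyond read access
    missing = sorted(allowed - granted)  # read scope not granted at all
    return {"read_only": not excess and not missing,
            "excess": excess, "missing": missing}


def make_sample_token(scopes) -> str:
    """Build an unsigned, constructed token for the demo (not a real Okta token)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"scp": scopes}), "sig"])


# Constructed samples; the ".manage" name is an assumed example of a write scope.
GOOD = make_sample_token(["okta.governance.accessRequests.read"])
BAD = make_sample_token(["okta.governance.accessRequests.read",
                         "okta.governance.accessRequests.manage"])

if __name__ == "__main__":
    print(audit_scopes(GOOD))
    print(audit_scopes(BAD))
```
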