Is there a API endpoint to list all the API Tokens under my okta domain?

I am currently building a dashboard to monitor all the API tokens under my okta domain. I only need to track the API token id, status, and some timestamps, no need to reveal the token strings.

After researching around for a while, I couldn’t find such API that can return the list of API tokens.
Then I extracted an internal API from the OKTA Admin UI → Security → API → Token view. And this is the internal API looks like: https://xxxxxx.okta.com/api/internal/tokens

Here’s some questions about the API:

  1. Is there a real public API that can list all the API tokens?
  2. If there’s no public API to list API tokens, is it allowed to use the /api/internal/tokens endpoint outside okta UI to list all the tokens?
  3. What’s the rate limit for /api/internal/tokens?
  4. Is there any security concern on using this API outside OKTA UI? Why there’s no such API created or documented for customer to use?

Thank you!

Hi @weiquan! Unfortunately, there is currently no public endpoint for listing APIs and we do not expose /api/internal/tokens to the public either. I encourage you to create a feature request with your use case here on our Ideas Portal https://ideas.okta.com/.

Thank you sigama for the suggestion. I am going to send a feature request for that.

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.