links explains how to get API tokens. I was wondering if there was a way to get an API token using an API endpoint?
I believe this beta will go to early access (EA) state in Q3 where you can then ask for that feature flag to be enabled on your Org:
Beta - OAuth 2.0 for Okta APIs
Most Okta API endpoints require that you include an API token with your request. Currently, this API token takes the form of an SSWS token that you generate in the Admin Console. With OAuth for Okta APIs, you are able to interact with Okta APIs using scoped OAuth 2.0 access tokens.
Scoped access tokens have a number of advantages, including more granularity for permissions, shorter token lifespans, and downscoping of permissions, and they can also be generated and retrieved via an API.
Note: Over the next year we will progressively enable ALL Okta APIs to use OAuth 2.0. It is highly recommended that customers using or planning to use Okta APIs participate in the beta. Feedback from Beta customers around their current needs and future use cases will greatly influence the development of OAuth 2.0 for all Okta endpoints.
Example Use Cases: Delegated Administration, AD Agent, Profile Editor & Account Dashboard for Me, SaaS Org Chart App, User On-boarding/Off-boarding Automation Script, Custom HR / API as a Master, Export/Migration App, Dev Console, User Picker.
Hi @Neenu
Due to security issues that may occur, we do not provide a public API endpoint to create API tokens.
According to the reply above, it looks like Okta would support this later this year. Is it still on the roadmap?
Hi @Neenu
@Govner’s reply refers to a different approach in accessing the API endpoints by using a bearer token instead of an API token. This feature is indeed on the roadmap and can be found here under the section “In Progress”.
Hey. Is there any update on this topic?
Hello, from the docs, I see an API token is valid for 30 days and automatically renews every time it is used with an API request. Once the token is renewed, does it have the same value? If not, how do I retrieve it?
Wish it allowed custom claims in the payload. Could have used it to create an application token specific to a user without username/password from the user.