I was following this guide on hitting the API with the
okta.users.read scope to list out the users on one of my applications. I’m using the Okta DotNet SDK as well; however, the guide mentions that I need an access token but evidently I do not, all I am doing is supplying the API token and I am able to retrieve my list of users.
Is there some sort of explanation for this? I’d really prefer to request an access token than just have a static API token that immediately grants me access.