Using different API tokens for ReST Call

MDD · October 17, 2019, 9:29am

Hi,

We have a requirement to invoke Okta API’s based on a user who has logged into an application.For example,we have a small login application where the user logs in and then will perform some operation like searchuser,createuser etc in Okta.If the logged in user is a SuperAdmin,then he should be able to perform all the operations and if the logged user is a normal user without any permissions,he can do only the operations he is allowed.

To implement this my understanding is,we need to pass the logged in user’s API Token while invoking the ReST call.But Okta has not provided any option to retrieve another person’s token.

Let me know is there any other solution available to implement this.

Thanks in advance.

dragos · October 18, 2019, 1:35am

Hi @MDD

How are the users authenticating inside the application? If you have a SAML or OpenID Connect authentication, you can pass the user’s group memberships and, based on this, provide certain roles inside the application.

All the calls to Okta from the application can be done via an API Token created by a super admin service account and you can have a logic inside your application to provide a number of available calls depending on the group memberships.

Post		Replies	Views
Okta for API tokens for REST APIS OAuth/OIDC	2	3669	November 25, 2019
Cannot make Okta API Rest calls using using OAuth2 token as Bearer token Questions	8	4821	February 8, 2024
Create API in Java Spring Boot Questions	2	3540	May 4, 2020
Okta API Only Needs API Token? API	2	2319	October 6, 2022
Get Okta users API with sessionToken OAuth/OIDC	5	3665	October 18, 2022

Using different API tokens for ReST Call

Related topics