https://support.okta.com/help/oktaarticledetailpage?childcateg=&id=ka02a000000xaqusak&source=documentation&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fdocumentation%2fknowledge_article%2fapi-access-management
Managing API Access
Published: May 2, 2017   -   Updated: Jun 19, 2017


Current Release Status: EA (Early Access)

The API Access Management feature extends Okta to protect and secure your APIs with an Identity and Access Policy layer. With it you grant employees, partners, or customers access to your APIs under strong, auditable policies, and your APIs accept the OAuth 2.0 access tokens Okta issues instead of handling credentials themselves.

Feature Highlights

Overview
  • This feature update gives you the ability to extend Okta to protect and secure your APIs with a reliable Identity and Access Policy layer.
  • You can develop customizable policies that grant employees, partners, or customers the ability to authenticate to your APIs.

Best Practices

  • Use standard JSON Web Tokens (JWTs) to share user information. Every API that consumes a token should validate its signature, issuer, audience and expiry before trusting any claim in it.
  • Where possible, issue a Refresh Token alongside the short-lived Access Token. The client redeems it for a new Access Token when the old one expires, which gives you a point at which you can re-validate or revoke access without having to hand out long-lived Access Tokens.
  • API Access Management plugs directly into API gateways such as MuleSoft, Apigee, AWS and Azure, so the gateway validates Okta tokens and you do not have to duplicate user credentials and permissions in numerous places.

FAQ

Q: What grant types or OAuth flows do you support?

A: Currently we support the Implicit and Hybrid flows, which target browser-based and mobile clients; the Authorization Code flow, which is the one most people are familiar with; and the Resource Owner Password flow. For internal or server-to-server use we support the Client Credentials grant type. (Note that the Implicit flow returns the token in the redirect URL fragment; for mobile and single-page applications the Authorization Code flow with PKCE is now the recommended choice.)

Q: Can I create custom Scopes and Claims?

A: Yes, you can create any Scopes and Claims your application needs. You can even define group-specific Scopes so that, for example, your Legal and Marketing teams receive completely different permissions in their tokens, and each API checks for the scope it requires.

Q: What is the lifetime of an Access Token?

A: That is mostly up to you. Our default is one hour, the minimum is 5 minutes and the maximum is 24 hours. The shorter the lifetime, the sooner a leaked or revoked token stops working, at the cost of more frequent refreshes.
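The following Python is an added example, not Okta's code and not part of this article: it shows what a resource server should do with the JWT Access Token described under Best Practices and in the FAQ above. It verifies the signature with a pinned algorithm, checks issuer, audience and lifetime with a small clock-skew allowance, rejects an expired token so the client falls back to its Refresh Token, and then enforces custom scopes such as the group-specific Legal and Marketing ones. The issuer URL, audience, scope names and the HMAC key are assumptions; real Okta access tokens are RS256-signed with public keys published at the authorization server's JWKS endpoint, which this offline example replaces with a shared HMAC key. The claim checks are identical in either case.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumed values for the constructed example (not from the article).
ISSUER = "https://example.okta.com/oauth2/default"  # assumed authorization server
AUDIENCE = "api://legal-docs"                       # assumed API identifier
CLOCK_SKEW = 60                                     # seconds of clock-drift tolerance
# Okta signs access tokens with RS256 (keys at the issuer's JWKS endpoint).
# This stand-alone example uses an HMAC key instead so it runs offline.
SHARED_KEY = b"constructed-demo-key-do-not-use"


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def mint_token(claims: dict, key: bytes = SHARED_KEY, alg: str = "HS256") -> str:
    """Build a JWT the way an authorization server would (constructed test data)."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


class TokenError(Exception):
    """Raised with a short reason when a token must be rejected."""


def validate_access_token(token: str, now: float = None, key: bytes = SHARED_KEY) -> dict:
    """Return the claims of a valid access token, or raise TokenError."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        sig = _b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError):
        raise TokenError("malformed token")
    # Pin the algorithm: the token must never choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise TokenError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        raise TokenError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER:
        raise TokenError("wrong issuer")
    aud = claims.get("aud")
    if aud != AUDIENCE and not (isinstance(aud, list) and AUDIENCE in aud):
        raise TokenError("wrong audience")
    # Lifetime: exp is set by the authorization server (Okta: 5 min to 24 h).
    if claims.get("exp", 0) + CLOCK_SKEW < now:
        raise TokenError("expired")  # the client should redeem its refresh token
    if claims.get("nbf", 0) - CLOCK_SKEW > now:
        raise TokenError("not yet valid")
    return claims


def token_status(token: str, now: float = None) -> str:
    """'ok' if the token is accepted, otherwise the rejection reason."""
    try:
        validate_access_token(token, now)
        return "ok"
    except TokenError as err:
        return str(err)


def require_scope(claims: dict, needed) -> bool:
    """Authorization step: Okta lists granted scopes in the 'scp' claim."""
    return set(needed) <= set(claims.get("scp", []))


if __name__ == "__main__":
    now = 1_500_000_000  # fixed clock so the run is reproducible
    legal = mint_token({"iss": ISSUER, "aud": AUDIENCE, "sub": "alice@example.com",
                        "iat": now, "exp": now + 3600, "scp": ["legal.read"]})
    claims = validate_access_token(legal, now)
    print(require_scope(claims, ["legal.read"]), require_scope(claims, ["marketing.write"]))
    stale = mint_token({"iss": ISSUER, "aud": AUDIENCE, "exp": now - 120, "scp": []})
    print(token_status(stale, now))
```

The ordering matters: the signature is checked before any claim is read, the algorithm is fixed by the server rather than taken from the token header, and the audience check is what stops a token minted for one API from being replayed against another. Scope enforcement is a separate step after validation, so a valid Legal token is still refused by a Marketing endpoint.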

Look for our next feature videos coming out soon. If you have any ideas on how we can make these feature highlight videos more useful for you, please let us know.
