Many of the API endpoints take an identifier (e.g., user id, application id, etc.). These identifiers appear to have some kind of constraints. What are the constraints on these identifiers that I can use to validate before I make a call to the Okta API (i.e., length, valid characters, etc.)?
Any perceived constraints today may change tomorrow and Okta reserves the right to change the format of these IDs at will. We recommend that you treat these as opaque strings for any code that you write that leverages Okta's APIs. You shouldn't need to do any validation of these IDs as Okta will always generate them itself.