limiting api permissions Skip to main content
https://support.okta.com/help/answers?id=906f0000000dfetia4&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Art CarreraArt Carrera 

limiting api permissions

Is there a way to limit permissions for API keys?  I want to hand out a key for authentication only but don't want to allow it to modify any user or system settings.  Is that possible?
Thomas KirkThomas Kirk (Okta, Inc.)
The Authn API doesn't require an api token. You will have to add the domain to the CORS list in Okta. Take a look at http://developer.okta.com/docs/api/resources/authn.html for more information about the Authn API.

API Token permisisons are tied to the admin who created them. If a super user created the token, the token will have super user permissions. If a read only admin created a token, the token will have read only premissons. 
Art CarreraArt Carrera
This is perfect. Thanks for the tips.