Okta Doesn't Log All OAuth Endpoints in System Log - /introspect /userinfo /keys
API Access Management
Okta Classic Engine
Okta Identity Engine
Overview

This article clarifies which Open Authorization (OAuth) endpoints do not appear in the System Log.

Applies To
  • /introspect
  • /userinfo
  • /keys
  • System Log
  • Open Authorization (OAuth)
  • OpenID Connect / OAuth 2.0
  • Okta Classic Engine
  • Okta Identity Engine (OIE)
Cause

Certain endpoints do not generate events in the System Log. This includes the following:

  • /introspect
  • /userinfo
  • /keys

Only token creation (minting) events, such as app.oauth2.token.grant.access_token, are logged. These logs indicate when an access token was issued for a specific <client_id>, but they do not capture when or how often the token was introspected.

Solution

To monitor or limit the usage of these endpoints, use the following methods:

  • Review application or Application Programming Interface (API) gateway logs to track outgoing requests to /introspect.
  • Implement local token validation to reduce dependency on the /introspect endpoint and avoid rate-limit issues.
  • To monitor rate limits, check the rate-limit metrics for each OAuth client in the Okta Admin Console using the following query: eventType co "system.rate.limit" and target.id eq "client Id".
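
The first method above, sketched as an added example (not Okta code): it counts calls to /introspect, /userinfo and /keys per calling service per minute from gateway egress logs, and tallies HTTP 429 responses. The log line format, host name, service names and threshold are constructed assumptions; the /oauth2/v1/ and /oauth2/<authorization server id>/v1/ path prefixes are Okta's standard URL forms and do not appear in this article.

```python
import re
from collections import Counter

# Constructed egress-gateway log lines (format and values are assumptions):
# <ISO timestamp> <calling service> <method> <URL> <status>
SAMPLE_LOG = """\
2024-05-01T10:00:01Z orders-api POST https://example.okta.com/oauth2/default/v1/introspect 200
2024-05-01T10:00:02Z orders-api POST https://example.okta.com/oauth2/default/v1/introspect 200
2024-05-01T10:00:03Z orders-api POST https://example.okta.com/oauth2/default/v1/introspect 429
2024-05-01T10:00:04Z web-bff GET https://example.okta.com/oauth2/v1/userinfo 200
2024-05-01T10:00:05Z web-bff GET https://example.okta.com/oauth2/default/v1/keys?client_id=abc 200
2024-05-01T10:00:06Z web-bff POST https://example.okta.com/oauth2/default/v1/token 200
2024-05-01T10:01:10Z orders-api POST https://example.okta.com/oauth2/default/v1/introspect 200
not a log line
"""

LINE_RE = re.compile(
    r"^(?P<minute>\d{4}-\d\d-\d\dT\d\d:\d\d):\d\dZ\s+(?P<svc>\S+)\s+[A-Z]+\s+"
    r"https?://[^/\s]+(?P<path>/[^\s?#]*)\S*\s+(?P<status>\d{3})$"
)
# Org and custom authorization server forms: /oauth2/v1/<ep> and /oauth2/<id>/v1/<ep>
ENDPOINT_RE = re.compile(r"^/oauth2/(?:[^/]+/)?v1/(introspect|userinfo|keys)/?$")

def unlogged_calls(log_text):
    """Yield (minute, service, endpoint, status) for calls the System Log will not show."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip rather than abort the whole run
        ep = ENDPOINT_RE.match(m["path"])
        if not ep:
            continue  # e.g. /token, whose grants do appear in the System Log
        yield m["minute"], m["svc"], ep.group(1), int(m["status"])

def summarize(log_text, per_minute_threshold=2):
    """Count calls per (minute, service, endpoint); return buckets over threshold and 429s."""
    counts, throttled = Counter(), Counter()
    for minute, svc, ep, status in unlogged_calls(log_text):
        counts[(minute, svc, ep)] += 1
        if status == 429:  # rate-limited response
            throttled[(svc, ep)] += 1
    noisy = {k: v for k, v in counts.items() if v > per_minute_threshold}
    return counts, noisy, dict(throttled)

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Services that land in the over-threshold or 429 buckets are the natural candidates for the local token validation described in the second method.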