
RobP.81728 (Customer) asked a question.
I would like to authenticate Okta users via OAuth2 and then use the resulting tokens to be able to call Okta APIs (user/group specifically). I see a note at https://developer.okta.com/docs/api/getting_started/design_principles#authentication that says
"The API key (API token) isn’t interchangeable with an Okta session token, access tokens or ID tokens used with OAuth 2.0 and OpenID Connect."
Does that mean it's not possible at all to use Okta OAuth2 tokens to call the Okta REST APIs? (If so, why?) Or is there a different mechanism to achieve OAuth2-based API access?
Thanks,

Hi Rob,
REST API endpoints have been designed to be accessed only with API tokens due to the security level required for gathering or modifying certain details. As per the documentation article https://developer.okta.com/docs/api/getting_started/getting_a_token "API tokens inherit the API access of the user who creates them" and, as such, end users should not be able to see details that they do not have access to by using a bearer token header.
Dragos Gaftoneanu
Developer Support Engineer
Okta Global Customer Care