
DavidF.01612 (Customer) asked a question.
Hi,
I'm developing a cron job to list our employee users from the API with the Node.js SDK. I'd like to secure our token so that only production applications can securely do this.
During development, I'd like our team to be able to test the code on local machines against representative API data, which means that developers would need to know the production token. Do you have any suggestions for how to limit access in this use case?

Hi David,
API tokens inherit the API access of the user who creates them, so I recommend you create a "service account" user with only the permission levels that you need for the token to perform the API tasks that you require.
Here is the complete list of permission levels:
https://help.okta.com/en/prod/Content/Topics/Security/Administrators.htm
More info on the API:
https://help.okta.com/en/prod/Content/Topics/Security/API.htm
If you encounter issues, I suggest opening a support ticket.