AdamM.90568 (Customer) asked a question.
Hello,
following endpoints from Attack Protection API group stopped working for me:
/attack-protection/api/v1/user-lockout-settings
/attack-protection/api/v1/authenticator-settings
I am sure they previously worked just fine but now they always respond with 404 if not requested with "-admin" suffix in the host. So, if I request this: "https://dev-{oktaId}.okta.com/attack-protection/api/v1/authenticator-settings" I get 404 Not found, but if I request this: "https://dev-{oktaId}-admin.okta.com/attack-protection/api/v1/authenticator-settings" I get a 200.
In the documentation it just says to use {yourOktaDomain}, not explaining what exactly is meant behind this variable. I also noticed that whenever there is a "_links" field in the response the links provided there never have this "-admin" suffix:
So, what exactly is the difference? And why all other endpoints in the API work just fine without the "-admin" suffix in the host? Should I use the suffix always, or only for these endpoints?
Thank you in advance!
I suggest you open a support case (https://support.okta.com/help/s/cases) with Okta on this matter. Like you said, the documentation does not indicate the need for using "-admin" as part of the URL. I don't recall ever having to using "-admin" for any other APIs.
The following is a link and details from the Okta documentation for "Retrieve the authenticator settings" API call.
https://developer.okta.com/docs/api/openapi/okta-management/management/tag/AttackProtection/#tag/AttackProtection/operation/getAuthenticatorSettings
GET definition:
https://{yourOktaDomain}/attack-protection/api/v1/authenticator-settings
Request example:
curl -i -X GET \ https://subdomain.okta.com/attack-protection/api/v1/authenticator-settings \ -H 'Authorization: YOUR_API_KEY_HERE'