The Okta API is a unified identity and access management interface that allows developers to integrate authentication, authorization, user management, group management, application provisioning, policies, sessions, hooks, logs, and more into their applications. It provides programmatic access to the full Okta Identity Cloud platform for managing identity lifecycle and security across enterprise systems.
openapi: 3.0.1
info:
title: Okta API
description: Allows customers to easily access the Okta API
termsOfService: https://developer.okta.com/terms/
contact:
name: Okta Developer Team
url: https://developer.okta.com/
email: [email protected]
license:
name: Apache-2.0
url: https://www.apache.org/licenses/LICENSE-2.0.html
version: 2.16.0
externalDocs:
description: Find more info here
url: https://developer.okta.com/docs/api/getting_started/design_principles.html
servers:
- url: https://your-subdomain.okta.com/
paths:
/api/v1/apps:
get:
tags:
- Application
summary: Okta List Applications
description: Enumerates apps added to your organization with pagination. A subset of apps can be returned that match a supported filter expression or query.
operationId: listApplications
parameters:
- name: q
in: query
schema:
type: string
- name: after
in: query
description: Specifies the pagination cursor for the next page of apps
schema:
type: string
- name: limit
in: query
description: Specifies the number of results for a page
schema:
type: integer
format: int32
default: -1
- name: filter
in: query
description: "Filters apps by status, user.id, group.id or credentials.signing.kid expression"
schema:
type: string
- name: expand
in: query
description: Traverses users link relationship and optionally embeds Application User resource
schema:
type: string
- name: includeNonDeleted
in: query
schema:
type: boolean
default: false
responses:
"200":
description: Success
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/Application'
security:
- api_token: []
post:
tags:
- Application
summary: Okta Add Application
description: Adds a new application to your Okta organization.
operationId: createApplication
parameters:
- name: activate
in: query
description: Executes activation lifecycle operation when creating the app
schema:
type: boolean
default: true
- name: OktaAccessGateway-Agent
in: header
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/Application'
required: true
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/Application'
security:
- api_token: []
x-codegen-request-body-name: application
/api/v1/apps/{appId}:
get:
tags:
- Application
summary: Okta Get Application
description: Fetches an application from your Okta organization by `id`.
operationId: getApplication
parameters:
- name: appId
in: path
required: true
schema:
type: string
- name: expand
in: query
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/Application'
security:
- api_token: []
put:
tags:
- Application
summary: Okta Update Application
description: Updates an application in your organization.
operationId: updateApplication
parameters:
- name: appId
in: path
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/Application'
required: true
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/Application'
security:
- api_token: []
x-codegen-request-body-name: application
delete:
tags:
- Application
summary: Okta Delete Application
description: Removes an inactive application.
operationId: deleteApplication
parameters:
- name: appId
in: path
required: true
schema:
type: string
responses:
"200":
description: Success
content: {}
security:
- api_token: []
/api/v1/apps/{appId}/connections/default:
get:
tags:
- Application
summary: Okta Fetches the default Provisioning Connection for an application.
description: Get default Provisioning Connection for application
operationId: getDefaultProvisioningConnectionForApplication
parameters:
- name: appId
in: path
required: true
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/ProvisioningConnection'
"404":
description: Not Found
content: {}
security:
- api_token: []
post:
tags:
- Application
summary: Okta Sets the default Provisioning Connection for an application.
description: Set default Provisioning Connection for application
operationId: setDefaultProvisioningConnectionForApplication
parameters:
- name: appId
in: path
required: true
schema:
type: string
- name: activate
in: query
schema:
type: boolean
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ProvisioningConnectionRequest'
required: true
responses:
"201":
description: Created
content:
application/json:
schema:
$ref: '#/components/schemas/ProvisioningConnection'
"400":
description: Bad Request
content: {}
"404":
description: Not Found
content: {}
security:
- api_token: []
x-codegen-request-body-name: profile
/api/v1/apps/{appId}/connections/default/lifecycle/activate:
post:
tags:
- Application
summary: Okta Activate default Provisioning Connection for application
description: Activates the default Provisioning Connection for an application.
operationId: activateDefaultProvisioningConnectionForApplication
parameters:
- name: appId
in: path
required: true
schema:
type: string
responses:
"204":
description: No Content
content: {}
"404":
description: Not Found
content: {}
security:
- api_token: []
/api/v1/apps/{appId}/connections/default/lifecycle/deactivate:
post:
tags:
- Application
summary: Okta Deactivate default Provisioning Connection for application
description: Deactivates the default Provisioning Connection for an application.
operationId: deactivateDefaultProvisioningConnectionForApplication
parameters:
- name: appId
in: path
required: true
schema:
type: string
responses:
"204":
description: No Content
content: {}
"404":
description: Not Found
content: {}
security:
- api_token: []
/api/v1/apps/{appId}/credentials/csrs:
get:
tags:
- Application
summary: Okta List Certificate Signing Requests for Application
description: Enumerates Certificate Signing Requests for an application
operationId: listCsrsForApplication
parameters:
- name: appId
in: path
required: true
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/Csr'
security:
- api_token: []
post:
tags:
- Application
summary: Okta Generate Certificate Signing Request for Application
description: Generates a new key pair and returns the Certificate Signing Request for it.
operationId: generateCsrForApplication
parameters:
- name: appId
in: path
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CsrMetadata'
required: true
responses:
"201":
description: Created
content:
application/json:
schema:
$ref: '#/components/schemas/Csr'
security:
- api_token: []
x-codegen-request-body-name: metadata
/api/v1/apps/{appId}/credentials/csrs/{csrId}:
get:
tags:
- Application
operationId: getCsrForApplication
parameters:
- name: appId
in: path
required: true
schema:
type: string
- name: csrId
in: path
required: true
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/Csr'
security:
- api_token: []
delete:
tags:
- Application
operationId: revokeCsrFromApplication
parameters:
- name: appId
in: path
required: true
schema:
type: string
- name: csrId
in: path
required: true
schema:
type: string
responses:
"204":
description: No Content
content: {}
security:
- api_token: []
/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish:
post:
tags:
- Application
parameters:
- name: appId
in: path
required: true
schema:
type: string
- name: csrId
in: path
required: true
schema:
type: string
responses:
"201":
description: Created
content:
application/json:
schema:
$ref: '#/components/schemas/JsonWebKey'
security:
- api_token: []
x-okta-multi-operation:
- consumes:
- application/x-x509-ca-cert
encoding: base64
operationId: publishCerCert
parameters:
- in: body
name: certificate
required: true
type: string
- consumes:
- application/x-x509-ca-cert
operationId: publishBinaryCerCert
parameters:
- format: binary
in: body
name: certificate
required: true
type: string
- consumes:
- application/pkix-cert
encoding: base64
operationId: publishDerCert
parameters:
- in: body
name: certificate
required: true
type: string
- consumes:
- application/pkix-cert
operationId: publishBinaryDerCert
parameters:
- format: binary
in: body
name: certificate
required: true
type: string
- consumes:
- application/x-pem-file
operationId: publishBinaryPemCert
parameters:
- format: binary
in: body
name: certificate
required: true
type: string
/api/v1/apps/{appId}/credentials/keys:
get:
tags:
- Application
summary: Okta List Key Credentials for Application
description: Enumerates key credentials for an application
operationId: listApplicationKeys
parameters:
- name: appId
in: path
required: true
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/JsonWebKey'
security:
- api_token: []
/api/v1/apps/{appId}/credentials/keys/generate:
post:
tags:
- Application
description: Generates a new X.509 certificate for an application key credential
operationId: generateApplicationKey
parameters:
- name: appId
in: path
required: true
schema:
type: string
- name: validityYears
in: query
schema:
type: integer
responses:
"201":
description: Created
content:
application/json:
schema:
$ref: '#/components/schemas/JsonWebKey'
security:
- api_token: []
/api/v1/apps/{appId}/credentials/keys/{keyId}:
get:
tags:
- Application
summary: Okta Get Key Credential for Application
description: Gets a specific application key credential by kid
operationId: getApplicationKey
parameters:
- name: appId
in: path
required: true
schema:
type: string
- name: keyId
in: path
required: true
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/JsonWebKey'
security:
- api_token: []
/api/v1/apps/{appId}/credentials/keys/{keyId}/clone:
post:
tags:
- Application
summary: Okta Clone Application Key Credential
description: Clones a X.509 certificate for an application key credential from a source application to target application.
operationId: cloneApplicationKey
parameters:
- name: appId
in: path
required: true
schema:
type: string
- name: keyId
in: path
required: true
schema:
type: string
- name: targetAid
in: query
description: Unique key of the target Application
required: true
schema:
type: string
responses:
"201":
description: Created
content:
application/json:
schema:
$ref: '#/components/schemas/JsonWebKey'
security:
- api_token: []
/api/v1/apps/{appId}/credentials/secrets:
get:
tags:
- Application
summary: Okta List client secrets
description: Enumerates the client's collection of secrets
operationId: listClientSecretsForApplication
parameters:
- name: appId
in: path
required: true
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/ClientSecret'
security:
- api_token: []
post:
tags:
- Application
summary: Okta Add new client secret
description: Adds a new secret to the client's collection of secrets.
operationId: createNewClientSecretForApplication
parameters:
- name: appId
in: path
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ClientSecretMetadata'
required: true
responses:
"201":
description: Created
content:
application/json:
schema:
$ref: '#/components/schemas/ClientSecret'
security:
- api_token: []
x-codegen-request-body-name: metadata
/api/v1/apps/{appId}/credentials/secrets/{secretId}:
get:
tags:
- Application
summary: Okta Get client secret
description: Gets a specific client secret by secretId
operationId: getClientSecretForApplication
parameters:
- name: appId
in: path
required: true
schema:
type: string
- name: secretId
in: path
required: true
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/ClientSecret'
security:
- api_token: []
delete:
tags:
- Application
description: Removes a secret from the client's collection of secrets.
operationId: deleteClientSecretForApplication
parameters:
- name: appId
in: path
required: true
schema:
type: string
- name: secretId
in: path
required: true
schema:
type: string
responses:
"204":
description: No Content
content: {}
security:
- api_token: []
/api/v1/apps/{appId}/credentials/secrets/{secretId}/lifecycle/activate:
post:
tags:
- Application
summary: Okta Activate a client secret
description: Activates a specific client secret by secretId
operationId: activateClientSecretForApplication
parameters:
- name: appId
in: path
required: true
schema:
type: string
- name: secretId
in: path
required: true
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/ClientSecret'
security:
- api_token: []
/api/v1/apps/{appId}/credentials/secrets/{secretId}/lifecycle/deactivate:
post:
tags:
- Application
summary: Okta Deactivate a client secret
description: Deactivates a specific client secret by secretId
operationId: deactivateClientSecretForApplication
parameters:
- name: appId
in: path
required: true
schema:
type: string
- name: secretId
in: path
required: true
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/ClientSecret'
security:
- api_token: []
/api/v1/apps/{appId}/features:
get:
tags:
- Application
summary: Okta Fetches the Feature objects for an application.
description: List Features for application
operationId: listFeaturesForApplication
parameters:
- name: appId
in: path
required: true
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/ApplicationFeature'
"404":
description: Not Found
content: {}
security:
- api_token: []
/api/v1/apps/{appId}/features/{name}:
get:
tags:
- Application
summary: Okta Fetches a Feature object for an application.
description: Fetches a Feature object for an application.
operationId: getFeatureForApplication
parameters:
- name: appId
in: path
required: true
schema:
type: string
- name: name
in: path
required: true
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/ApplicationFeature'
"404":
description: Not Found
content: {}
security:
- api_token: []
put:
tags:
- Application
summary: Okta Updates a Feature object for an application.
description: Updates a Feature object for an application.
operationId: updateFeatureForApplication
parameters:
- name: appId
in: path
required: true
schema:
type: string
- name: name
in: path
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CapabilitiesObject'
required: true
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/ApplicationFeature'
"404":
description: Not Found
content: {}
security:
- api_token: []
x-codegen-request-body-name: capabilities
/api/v1/apps/{appId}/grants:
get:
tags:
- Application
description: Lists all scope consent grants for the application
operationId: listScopeConsentGrants
parameters:
- name: appId
in: path
required: true
schema:
type: string
- name: expand
in: query
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/OAuth2ScopeConsentGrant'
security:
- api_token: []
post:
tags:
- Application
description: Grants consent for the application to request an OAuth 2.0 Okta scope
operationId: grantConsentToScope
parameters:
- name: appId
in: path
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/OAuth2ScopeConsentGrant'
required: true
responses:
"201":
description: Created
content:
application/json:
schema:
$ref: '#/components/schemas/OAuth2ScopeConsentGrant'
security:
- api_token: []
x-codegen-request-body-name: oAuth2ScopeConsentGrant
/api/v1/apps/{appId}/grants/{grantId}:
get:
tags:
- Application
description: Fetches a single scope consent grant for the application
operationId: getScopeConsentGrant
parameters:
- name: appId
in: path
required: true
schema:
type: string
- name: grantId
in: path
required: true
schema:
type: string
- name: expand
in: query
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/OAuth2ScopeConsentGrant'
security:
- api_token: []
delete:
tags:
- Application
description: Revokes permission for the application to request the given scope
operationId: revokeScopeConsentGrant
parameters:
- name: appId
in: path
required: true
schema:
type: string
- name: grantId
in: path
required: true
schema:
type: string
responses:
"204":
description: No Content
content: {}
security:
- api_token: []
/api/v1/apps/{appId}/groups:
get:
tags:
- Application
summary: Okta List Groups Assigned to Application
description: Enumerates group assignments for an application.
operationId: listApplicationGroupAssignments
parameters:
- name: appId
in: path
required: true
schema:
type: string
- name: q
in: query
schema:
type: string
- name: after
in: query
description: Specifies the pagination cursor for the next page of assignments
schema:
type: string
- name: limit
in: query
description: Specifies the number of results for a page
schema:
type: integer
format: int32
default: -1
- name: expand
in: query
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/ApplicationGroupAssignment'
security:
- api_token: []
/api/v1/apps/{appId}/groups/{groupId}:
get:
tags:
- Application
summary: Okta Get Assigned Group for Application
description: Fetches an application group assignment
operationId: getApplicationGroupAssignment
parameters:
- name: appId
in: path
required: true
schema:
type: string
- name: groupId
in: path
required: true
schema:
type: string
- name: expand
in: query
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/ApplicationGroupAssignment'
security:
- api_token: []
put:
tags:
- Application
summary: Okta Assign Group to Application
description: Assigns a group to an application
operationId: createApplicationGroupAssignment
parameters:
- name: appId
in: path
required: true
schema:
type: string
- name: groupId
in: path
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ApplicationGroupAssignment'
required: false
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/ApplicationGroupAssignment'
security:
- api_token: []
x-codegen-request-body-name: applicationGroupAssignment
delete:
tags:
- Application
summary: Okta Remove Group from Application
description: Removes a group assignment from an application.
operationId: deleteApplicationGroupAssignment
parameters:
- name: appId
in: path
required: true
schema:
type: string
- name: groupId
in: path
required: true
schema:
type: string
responses:
"204":
description: No Content
content: {}
security:
- api_token: []
/api/v1/apps/{appId}/lifecycle/activate:
post:
tags:
- Application
summary: Okta Activate Application
description: Activates an inactive application.
operationId: activateApplication
parameters:
- name: appId
in: path
required: true
schema:
type: string
responses:
"200":
description: Success
content: {}
security:
- api_token: []
/api/v1/apps/{appId}/lifecycle/deactivate:
post:
tags:
- Application
summary: Okta Deactivate Application
description: Deactivates an active application.
operationId: deactivateApplication
parameters:
- name: appId
in: path
required: true
schema:
type: string
responses:
"200":
description: Success
content: {}
security:
- api_token: []
/api/v1/apps/{appId}/logo:
post:
tags:
- Application
summary: "Okta The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling."
description: Update the logo for an application.
operationId: uploadApplicationLogo
parameters:
- name: appId
in: path
required: true
schema:
type: string
requestBody:
content:
multipart/form-data:
schema:
required:
- file
type: object
properties:
file:
type: string
format: binary
required: true
responses:
"201":
description: Created
content: {}
"400":
description: Bad Request
content: {}
"404":
description: Not Found
content: {}
security:
- api_token: []
/api/v1/apps/{appId}/policies/{policyId}:
put:
tags:
- Application
summary: Okta Update application policy
description: Assign an application to a specific policy. This unassigns the application from its currently assigned policy.
operationId: updateApplicationPolicy
parameters:
- name: appId
in: path
required: true
schema:
type: string
- name: policyId
in: path
required: true
schema:
type: string
responses:
"204":
description: No Content
content: {}
security:
- api_token: []
/api/v1/apps/{appId}/sso/saml/metadata:
get:
tags:
- Application
description: Previews SAML metadata based on a specific key credential for an application
operationId: previewSAMLAppMetadata
parameters:
- name: appId
in: path
required: true
schema:
type: string
- name: kid
in: query
description: unique key identifier of an Application Key Credential
required: true
schema:
type: string
responses:
"200":
description: Success
content:
application/xml:
schema:
type: object
properties:
EntityDescriptor:
type: object
properties:
IDPSSODescriptor:
type: object
properties:
KeyDescriptor:
type: object
properties:
KeyInfo:
type: object
properties:
X509Data:
type: object
properties:
X509Certificate:
type: string
use:
# --- truncated at 32 KB (448 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/okta/refs/heads/main/openapi/okta-openapi-original.yml