Okta API

Identity and access management

developer.okta.com/docs/reference ↗

Version

2.16.0

OpenAPI

3.0.0

Endpoints

341

Schemas

532

91

Quality

Updated

3 days ago

Identity identity authentication security

Use this API in your AI agent

Query structured spec data via REST or MCP. Get exactly what your agent needs.

Get API Key

Server URLs

https://your-subdomain.okta.com

Endpoints

GET POST PUT PATCH DELETE

Application 49 endpoints

GET /api/v1/apps List Applications

Enumerates apps added to your organization with pagination. A subset of apps can be returned that match a supported filter expression or query.

operationId: Application_listApps

Parameters

Name	In	Required	Type	Description
q	query	optional	string	—
after	query	optional	string	Specifies the pagination cursor for the next page of apps
limit	query	optional	integer	Specifies the number of results for a page
filter	query	optional	string	Filters apps by status, user.id, group.id or credentials.signing.kid expression
expand	query	optional	string	Traverses users link relationship and optionally embeds Application User resource
includeNonDeleted	query	optional	boolean	—

Responses

200

Success

GET /api/v1/apps

POST /api/v1/apps Add Application

Adds a new application to your Okta organization.

operationId: Application_createNew

Parameters

Name	In	Required	Type	Description
activate	query	optional	boolean	Executes activation lifecycle operation when creating the app
OktaAccessGateway-Agent	header	optional	string	—

Request Body

application/json

schema Application

Property	Type	Required
id	string	optional
name	string	optional
label	string	optional
_links	object	optional
status	string	optional
created	string	optional
profile	object	optional
features	array	optional
settings	object	optional
└ app	object	optional
└ url	string	optional
└ acsUrl	string	optional
└ orgName	string	optional
└ buttonField	string	optional
└ loginUrlRegex	string	optional
└ passwordField	string	optional
└ usernameField	string	optional
└ notes	object	optional
└ admin	string	optional
└ enduser	string	optional
└ inlineHookId	string	optional
└ notifications	object	optional
└ vpn	object	optional
└ helpUrl	string	optional
└ message	string	optional
└ network	object	optional
└ implicitAssignment	boolean	optional
_embedded	object	optional
licensing	object	optional
└ seatCount	integer	optional
signOnMode	string	optional
visibility	object	optional
└ hide	object	optional
└ iOS	boolean	optional
└ web	boolean	optional
└ appLinks	object	optional
└ autoLaunch	boolean	optional
└ autoSubmitToolbar	boolean	optional
credentials	object	optional
└ signing	object	optional
└ kid	string	optional
└ use	string	optional
└ lastRotated	string	optional
└ nextRotation	string	optional
└ rotationMode	string	optional
└ userNameTemplate	object	optional
└ type	string	optional
└ suffix	string	optional
└ template	string	optional
└ pushStatus	string	optional
lastUpdated	string	optional
accessibility	object	optional
└ selfService	boolean	optional
└ errorRedirectUrl	string	optional
└ loginRedirectUrl	string	optional

Responses

200

Success

POST /api/v1/apps

DELETE /api/v1/apps/{appId} Delete Application

Removes an inactive application.

operationId: Application_removeInactive

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—

Responses

200

Success

DELETE /api/v1/apps/{appId}

GET /api/v1/apps/{appId} Get Application

Fetches an application from your Okta organization by id.

operationId: Application_getById

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—
expand	query	optional	string	—

Responses

200

Success

GET /api/v1/apps/{appId}

PUT /api/v1/apps/{appId} Update Application

Updates an application in your organization.

operationId: Application_updateApplicationInOrg

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—

Request Body

application/json

schema Application

Property	Type	Required
id	string	optional
name	string	optional
label	string	optional
_links	object	optional
status	string	optional
created	string	optional
profile	object	optional
features	array	optional
settings	object	optional
└ app	object	optional
└ url	string	optional
└ acsUrl	string	optional
└ orgName	string	optional
└ buttonField	string	optional
└ loginUrlRegex	string	optional
└ passwordField	string	optional
└ usernameField	string	optional
└ notes	object	optional
└ admin	string	optional
└ enduser	string	optional
└ inlineHookId	string	optional
└ notifications	object	optional
└ vpn	object	optional
└ helpUrl	string	optional
└ message	string	optional
└ network	object	optional
└ implicitAssignment	boolean	optional
_embedded	object	optional
licensing	object	optional
└ seatCount	integer	optional
signOnMode	string	optional
visibility	object	optional
└ hide	object	optional
└ iOS	boolean	optional
└ web	boolean	optional
└ appLinks	object	optional
└ autoLaunch	boolean	optional
└ autoSubmitToolbar	boolean	optional
credentials	object	optional
└ signing	object	optional
└ kid	string	optional
└ use	string	optional
└ lastRotated	string	optional
└ nextRotation	string	optional
└ rotationMode	string	optional
└ userNameTemplate	object	optional
└ type	string	optional
└ suffix	string	optional
└ template	string	optional
└ pushStatus	string	optional
lastUpdated	string	optional
accessibility	object	optional
└ selfService	boolean	optional
└ errorRedirectUrl	string	optional
└ loginRedirectUrl	string	optional

Responses

200

Success

PUT /api/v1/apps/{appId}

GET /api/v1/apps/{appId}/connections/default Fetches the default Provisioning Connection for an application.

Get default Provisioning Connection for application

operationId: Application_getDefaultProvisioningConnection

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—

Responses

200

Success

404

Not Found

GET /api/v1/apps/{appId}/connections/default

POST /api/v1/apps/{appId}/connections/default Sets the default Provisioning Connection for an application.

Set default Provisioning Connection for application

operationId: Application_setDefaultProvisioningConnection

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—
activate	query	optional	boolean	—

Request Body

required

application/json

schema ProvisioningConnectionRequest

Property	Type	Required
profile	object	optional
└ token	string	optional
└ authScheme	string	optional

Responses

201

Created

400

Bad Request

404

Not Found

POST /api/v1/apps/{appId}/connections/default

POST /api/v1/apps/{appId}/connections/default/lifecycle/activate Activate default Provisioning Connection for application

Activates the default Provisioning Connection for an application.

operationId: Application_activateDefaultProvisioningConnection

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—

Responses

204

No Content

404

Not Found

POST /api/v1/apps/{appId}/connections/default/lifecycle/activate

POST /api/v1/apps/{appId}/connections/default/lifecycle/deactivate Deactivate default Provisioning Connection for application

Deactivates the default Provisioning Connection for an application.

operationId: Application_deactivateDefaultProvisioningConnection

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—

Responses

204

No Content

404

Not Found

POST /api/v1/apps/{appId}/connections/default/lifecycle/deactivate

GET /api/v1/apps/{appId}/credentials/csrs List Certificate Signing Requests for Application

Enumerates Certificate Signing Requests for an application

operationId: Application_listCsrsForApplication

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—

Responses

200

Success

GET /api/v1/apps/{appId}/credentials/csrs

POST /api/v1/apps/{appId}/credentials/csrs Generate Certificate Signing Request for Application

Generates a new key pair and returns the Certificate Signing Request for it.

operationId: Application_generateCsrForApplication

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—

Request Body

application/json

Name	In	Required	Type	Description
appId	path	required	string	—
csrId	path	required	string	—

Responses

201

Created

POST /api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish

GET /api/v1/apps/{appId}/credentials/keys List Key Credentials for Application

Enumerates key credentials for an application

operationId: Application_listKeyCredentials

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—

Responses

200

Success

GET /api/v1/apps/{appId}/credentials/keys

POST /api/v1/apps/{appId}/credentials/keys/generate

Generates a new X.509 certificate for an application key credential

operationId: Application_generateX509Certificate

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—
validityYears	query	optional	integer	—

Responses

201

Created

POST /api/v1/apps/{appId}/credentials/keys/generate

GET /api/v1/apps/{appId}/credentials/keys/{keyId} Get Key Credential for Application

Gets a specific application key credential by kid

operationId: Application_getKeyCredential

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—
keyId	path	required	string	—

Responses

200

Success

GET /api/v1/apps/{appId}/credentials/keys/{keyId}

POST /api/v1/apps/{appId}/credentials/keys/{keyId}/clone Clone Application Key Credential

Clones a X.509 certificate for an application key credential from a source application to target application.

operationId: Application_cloneApplicationKeyCredential

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—
keyId	path	required	string	—
targetAid	query	required	string	Unique key of the target Application

Responses

201

Created

POST /api/v1/apps/{appId}/credentials/keys/{keyId}/clone

GET /api/v1/apps/{appId}/credentials/secrets List client secrets

Enumerates the client’s collection of secrets

operationId: Application_listClientSecrets

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—

Responses

200

Success

GET /api/v1/apps/{appId}/credentials/secrets

POST /api/v1/apps/{appId}/credentials/secrets Add new client secret

Adds a new secret to the client’s collection of secrets.

operationId: Application_addClientSecret

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—

Request Body

required

application/json

Name	In	Required	Type	Description
appId	path	required	string	—

Responses

200

Success

404

Not Found

GET /api/v1/apps/{appId}/features

GET /api/v1/apps/{appId}/features/{name} Fetches a Feature object for an application.

Fetches a Feature object for an application.

operationId: Application_getFeature

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—
name	path	required	string	—

Responses

200

Success

404

Not Found

GET /api/v1/apps/{appId}/features/{name}

PUT /api/v1/apps/{appId}/features/{name} Updates a Feature object for an application.

Updates a Feature object for an application.

operationId: Application_updateFeature

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—
name	path	required	string	—

Request Body

required

application/json

schema CapabilitiesObject

Property	Type	Required
create	object	optional
└ lifecycleCreate	object	optional
└ status	string	optional
update	object	optional
└ profile	object	optional
└ status	string	optional
└ password	object	optional
└ seed	string	optional
└ change	string	optional
└ status	string	optional
└ lifecycleDeactivate	object	optional
└ status	string	optional

Responses

200

Success

404

Not Found

PUT /api/v1/apps/{appId}/features/{name}

GET /api/v1/apps/{appId}/grants

Lists all scope consent grants for the application

operationId: Application_listScopeConsentGrants

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—
expand	query	optional	string	—

Responses

200

Success

GET /api/v1/apps/{appId}/grants

POST /api/v1/apps/{appId}/grants

Grants consent for the application to request an OAuth 2.0 Okta scope

operationId: Application_grantConsentToScope

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—

Request Body

required

application/json

schema OAuth2ScopeConsentGrant

Property	Type	Required
id	string	optional
_links	object	optional
issuer	string	optional
source	string	optional
status	string	optional
userId	string	optional
created	string	optional
scopeId	string	optional
clientId	string	optional
_embedded	object	optional
createdBy	object	optional
└ id	string	optional
└ type	string	optional
lastUpdated	string	optional

Responses

201

Created

POST /api/v1/apps/{appId}/grants

DELETE /api/v1/apps/{appId}/grants/{grantId}

Revokes permission for the application to request the given scope

operationId: Application_revokePermission

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—
grantId	path	required	string	—

Responses

204

No Content

DELETE /api/v1/apps/{appId}/grants/{grantId}

GET /api/v1/apps/{appId}/grants/{grantId}

Fetches a single scope consent grant for the application

operationId: Application_getSingleScopeConsentGrant

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—
grantId	path	required	string	—
expand	query	optional	string	—

Responses

200

Success

GET /api/v1/apps/{appId}/grants/{grantId}

GET /api/v1/apps/{appId}/groups List Groups Assigned to Application

Enumerates group assignments for an application.

operationId: Application_listGroupsAssigned

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—
q	query	optional	string	—
after	query	optional	string	Specifies the pagination cursor for the next page of assignments
limit	query	optional	integer	Specifies the number of results for a page
expand	query	optional	string	—

Responses

200

Success

GET /api/v1/apps/{appId}/groups

DELETE /api/v1/apps/{appId}/groups/{groupId} Remove Group from Application

Removes a group assignment from an application.

operationId: Application_removeGroupAssignment

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—
groupId	path	required	string	—

Responses

204

No Content

DELETE /api/v1/apps/{appId}/groups/{groupId}

GET /api/v1/apps/{appId}/groups/{groupId} Get Assigned Group for Application

Fetches an application group assignment

operationId: Application_getGroupAssignment

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—
groupId	path	required	string	—
expand	query	optional	string	—

Responses

200

Success

GET /api/v1/apps/{appId}/groups/{groupId}

PUT /api/v1/apps/{appId}/groups/{groupId} Assign Group to Application

Assigns a group to an application

operationId: Application_assignGroupTo

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—
groupId	path	required	string	—

Request Body

application/json

schema ApplicationGroupAssignment

Property	Type	Required
id	string	optional
_links	object	optional
profile	object	optional
priority	integer	optional
_embedded	object	optional
lastUpdated	string	optional

Responses

200

Success

PUT /api/v1/apps/{appId}/groups/{groupId}

POST /api/v1/apps/{appId}/lifecycle/activate Activate Application

Activates an inactive application.

operationId: Application_activateInactive

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—

Responses

200

Success

POST /api/v1/apps/{appId}/lifecycle/activate

POST /api/v1/apps/{appId}/lifecycle/deactivate Deactivate Application

Deactivates an active application.

operationId: Application_deactivateLifecycle

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—

Responses

200

Success

POST /api/v1/apps/{appId}/lifecycle/deactivate

POST /api/v1/apps/{appId}/logo The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling.

Update the logo for an application.

operationId: Application_updateLogo

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—

Request Body

multipart/form-data

schema ApplicationUpdateLogoRequest

Property	Type	Required
file	string	required

Responses

201

Created

400

Bad Request

404

Not Found

POST /api/v1/apps/{appId}/logo

PUT /api/v1/apps/{appId}/policies/{policyId} Update application policy

Assign an application to a specific policy. This unassigns the application from its currently assigned policy.

operationId: Application_assignPolicyToApplication

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—
policyId	path	required	string	—

Responses

204

No Content

PUT /api/v1/apps/{appId}/policies/{policyId}

GET /api/v1/apps/{appId}/sso/saml/metadata

Previews SAML metadata based on a specific key credential for an application

operationId: Application_previewSamlAppMetadata

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—
kid	query	required	string	unique key identifier of an Application Key Credential

Responses

200

Success

GET /api/v1/apps/{appId}/sso/saml/metadata

DELETE /api/v1/apps/{appId}/tokens

Revokes all tokens for the specified application

operationId: Application_revokeAllTokens

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—

Responses

204

No Content

DELETE /api/v1/apps/{appId}/tokens

GET /api/v1/apps/{appId}/tokens

Lists all tokens for the application

operationId: Application_listTokens

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—
expand	query	optional	string	—
after	query	optional	string	—
limit	query	optional	integer	—

Responses

200

Success

GET /api/v1/apps/{appId}/tokens

DELETE /api/v1/apps/{appId}/tokens/{tokenId}

Revokes the specified token for the specified application

operationId: Application_revokeToken

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—
tokenId	path	required	string	—

Responses

204

No Content

DELETE /api/v1/apps/{appId}/tokens/{tokenId}

GET /api/v1/apps/{appId}/tokens/{tokenId}

Gets a token for the specified application

operationId: Application_getToken

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—
tokenId	path	required	string	—
expand	query	optional	string	—

Responses

200

Success

GET /api/v1/apps/{appId}/tokens/{tokenId}

GET /api/v1/apps/{appId}/users List Users Assigned to Application

Enumerates all assigned application users for an application.

operationId: Application_listAssignedUsers

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—
q	query	optional	string	—
query_scope	query	optional	string	—
after	query	optional	string	specifies the pagination cursor for the next page of assignments
limit	query	optional	integer	specifies the number of results for a page
filter	query	optional	string	—
expand	query	optional	string	—

Responses

200

Success

GET /api/v1/apps/{appId}/users

POST /api/v1/apps/{appId}/users Assign User to Application for SSO & Provisioning

Assigns an user to an application with credentials and an app-specific profile. Profile mappings defined for the application are first applied before applying any profile properties specified in the request.

operationId: Application_assignUserToApplication

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—

Request Body

application/json

schema AppUser

Property	Type	Required
id	string	optional
scope	string	optional
_links	object	optional
status	string	optional
created	string	optional
profile	object	optional
lastSync	string	optional
_embedded	object	optional
syncState	string	optional
externalId	string	optional
credentials	object	optional
└ password	object	optional
└ value	string	optional
└ userName	string	optional
lastUpdated	string	optional
statusChanged	string	optional
passwordChanged	string	optional

Responses

200

Success

POST /api/v1/apps/{appId}/users

DELETE /api/v1/apps/{appId}/users/{userId} Remove User from Application

Removes an assignment for a user from an application.

operationId: Application_removeUserFrom

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—
userId	path	required	string	—
sendEmail	query	optional	boolean	—

Responses

204

No Content

DELETE /api/v1/apps/{appId}/users/{userId}

GET /api/v1/apps/{appId}/users/{userId} Get Assigned User for Application

Fetches a specific user assignment for application by id.

operationId: Application_getSpecificUserAssignment

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—
userId	path	required	string	—
expand	query	optional	string	—

Responses

200

Success

GET /api/v1/apps/{appId}/users/{userId}

POST /api/v1/apps/{appId}/users/{userId} Update Application Profile for Assigned User

Updates a user’s profile for an application

operationId: Application_updateProfileForUser

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—
userId	path	required	string	—

Request Body

application/json

schema AppUser

Property	Type	Required
id	string	optional
scope	string	optional
_links	object	optional
status	string	optional
created	string	optional
profile	object	optional
lastSync	string	optional
_embedded	object	optional
syncState	string	optional
externalId	string	optional
credentials	object	optional
└ password	object	optional
└ value	string	optional
└ userName	string	optional
lastUpdated	string	optional
statusChanged	string	optional
passwordChanged	string	optional

Responses

200

Success

POST /api/v1/apps/{appId}/users/{userId}

Load more endpoints

Schemas

object AccessPolicy

{
  "x-okta-tags": [
    "Policy"
  ],
  "x-okta-parent": "#/definitions/Policy"
}

object AccessPolicyConstraint

{
  "type": "object",
  "properties": {
    "types": {
      "type": "array",
      "items": {
        "type": "string"
      }
    },
    "methods": {
      "type": "array",
      "items": {
        "type": "string"
      }
    },
    "reauthenticateIn": {
      "type": "string"
    }
  },
  "x-okta-tags": [
    "Policy"
  ]
}

object AccessPolicyConstraints

{
  "type": "object",
  "properties": {
    "knowledge": {
      "$ref": "#/components/schemas/KnowledgeConstraint"
    },
    "possession": {
      "$ref": "#/components/schemas/PossessionConstraint"
    }
  },
  "x-okta-tags": [
    "Policy"
  ]
}

object AccessPolicyRule

{
  "type": "object",
  "properties": {
    "name": {
      "type": "string"
    },
    "actions": {
      "$ref": "#/components/schemas/AccessPolicyRuleActions"
    },
    "conditions": {
      "$ref": "#/components/schemas/AccessPolicyRuleConditions"
    }
  },
  "x-okta-tags": [
    "Policy"
  ],
  "x-okta-parent": "#/definitions/PolicyRule"
}

object AccessPolicyRuleActions

{
  "type": "object",
  "properties": {
    "appSignOn": {
      "$ref": "#/components/schemas/AccessPolicyRuleApplicationSignOn"
    }
  },
  "x-okta-tags": [
    "Policy"
  ],
  "x-okta-parent": "#/definitions/PolicyRuleActions"
}

object AccessPolicyRuleApplicationSignOn

{
  "type": "object",
  "properties": {
    "access": {
      "type": "string"
    },
    "verificationMethod": {
      "$ref": "#/components/schemas/VerificationMethod"
    }
  },
  "x-okta-tags": [
    "Policy"
  ]
}

object AccessPolicyRuleConditions

{
  "properties": {
    "device": {
      "$ref": "#/components/schemas/DeviceAccessPolicyRuleCondition"
    },
    "userType": {
      "$ref": "#/components/schemas/UserTypeCondition"
    },
    "elCondition": {
      "$ref": "#/components/schemas/AccessPolicyRuleCustomCondition"
    }
  },
  "x-okta-tags": [
    "Policy"
  ],
  "x-okta-parent": "#/definitions/PolicyRuleConditions"
}

object AccessPolicyRuleCustomCondition

{
  "properties": {
    "condition": {
      "type": "string"
    }
  },
  "x-okta-tags": [
    "Policy"
  ]
}

object AcsEndpoint

{
  "properties": {
    "url": {
      "type": "string"
    },
    "index": {
      "type": "integer"
    }
  },
  "x-okta-tags": [
    "Application"
  ]
}

object ActivateFactorRequest

{
  "properties": {
    "passCode": {
      "type": "string"
    },
    "clientData": {
      "type": "string"
    },
    "stateToken": {
      "type": "string"
    },
    "attestation": {
      "type": "string"
    },
    "registrationData": {
      "type": "string"
    }
  },
  "x-okta-tags": [
    "UserFactor"
  ]
}

string AllowedForEnum

{
  "enum": [
    "recovery",
    "sso",
    "any",
    "none"
  ],
  "type": "string",
  "x-okta-tags": [
    "Authenticator"
  ]
}

object AppAndInstanceConditionEvaluatorAppOrInstance

{
  "type": "object",
  "properties": {
    "id": {
      "type": "string",
      "readOnly": true
    },
    "name": {
      "type": "string"
    },
    "type": {
      "enum": [
        "APP_TYPE",
        "APP"
      ],
      "type": "string"
    }
  },
  "x-okta-tags": [
    "Policy"
  ]
}

object AppAndInstancePolicyRuleCondition

{
  "type": "object",
  "properties": {
    "exclude": {
      "type": "array",
      "items": {
        "$ref": "#/components/schemas/AppAndInstanceConditionEvaluatorAppOrInstance"
      }
    },
    "include": {
      "type": "array",
      "items": {
        "$ref": "#/components/schemas/AppAndInstanceConditionEvaluatorAppOrInstance"
      }
    }
  },
  "x-okta-tags": [
    "Policy"
  ]
}

object AppInstancePolicyRuleCondition

{
  "type": "object",
  "properties": {
    "exclude": {
      "type": "array",
      "items": {
        "type": "string"
      }
    },
    "include": {
      "type": "array",
      "items": {
        "type": "string"
      }
    }
  },
  "x-okta-tags": [
    "Policy"
  ]
}

object AppLink

{
  "type": "object",
  "properties": {
    "id": {
      "type": "string",
      "readOnly": true
    },
    "label": {
      "type": "string",
      "readOnly": true
    },
    "hidden": {
      "type": "boolean",
      "readOnly": true
    },
    "appName": {
      "type": "string",
      "readOnly": true
    },
    "linkUrl": {
      "type": "string",
      "readOnly": true
    },
    "logoUrl": {
      "type": "string",
      "readOnly": true
    },
    "sortOrder": {
      "type": "integer",
      "readOnly": true
    },
    "appInstanceId": {
      "type": "string",
      "readOnly": true
    },
    "appAssignmentId": {
      "type": "string",
      "readOnly": true
    },
    "credentialsSetup": {
      "type": "boolean",
      "readOnly": true
    }
  },
  "x-okta-tags": [
    "User"
  ]
}

object AppUser

{
  "type": "object",
  "properties": {
    "id": {
      "type": "string"
    },
    "scope": {
      "type": "string"
    },
    "_links": {
      "type": "object",
      "readOnly": true,
      "additionalProperties": {
        "type": "object"
      }
    },
    "status": {
      "type": "string",
      "readOnly": true
    },
    "created": {
      "type": "string",
      "format": "date-time",
      "readOnly": true
    },
    "profile": {
      "type": "object",
      "additionalProperties": {
        "type": "object"
      }
    },
    "lastSync": {
      "type": "string",
      "format": "date-time",
      "readOnly": true
    },
    "_embedded": {
      "type": "object",
      "readOnly": true,
      "additionalProperties": {
        "type": "object"
      }
    },
    "syncState": {
      "type": "string",
      "readOnly": true
    },
    "externalId": {
      "type": "string",
      "readOnly": true
    },
    "credentials": {
      "$ref": "#/components/schemas/AppUserCredentials"
    },
    "lastUpdated": {
      "type": "string",
      "format": "date-time",
      "readOnly": true
    },
    "statusChanged": {
      "type": "string",
      "format": "date-time",
      "readOnly": true
    },
    "passwordChanged": {
      "type": "string",
      "format": "date-time",
      "readOnly": true
    }
  },
  "x-okta-crud": [
    {
      "alias": "update",
      "arguments": [
        {
          "dest": "appId",
          "parentSrc": "appId"
        },
        {
          "src": "id",
          "dest": "userId"
        },
        {
          "dest": "appUser",
          "self": true
        }
      ],
      "operationId": "updateApplicationUser"
    },
    {
      "alias": "delete",
      "arguments": [
        {
          "dest": "appId",
          "parentSrc": "appId"
        },
        {
          "src": "id",
          "dest": "userId"
        }
      ],
      "operationId": "deleteApplicationUser"
    }
  ],
  "x-okta-tags": [
    "Application"
  ]
}

object AppUserCredentials

{
  "type": "object",
  "properties": {
    "password": {
      "$ref": "#/components/schemas/AppUserPasswordCredential"
    },
    "userName": {
      "type": "string"
    }
  },
  "x-okta-tags": [
    "Application"
  ]
}

object AppUserPasswordCredential

{
  "properties": {
    "value": {
      "type": "string",
      "format": "password"
    }
  },
  "x-okta-tags": [
    "Application"
  ]
}

object Application

{
  "type": "object",
  "properties": {
    "id": {
      "type": "string",
      "readOnly": true
    },
    "name": {
      "type": "string",
      "readOnly": true
    },
    "label": {
      "type": "string"
    },
    "_links": {
      "type": "object",
      "readOnly": true,
      "additionalProperties": {
        "type": "object"
      }
    },
    "status": {
      "enum": [
        "ACTIVE",
        "INACTIVE",
        "DELETED"
      ],
      "type": "string",
      "readOnly": true
    },
    "created": {
      "type": "string",
      "format": "date-time",
      "readOnly": true
    },
    "profile": {
      "type": "object",
      "additionalProperties": {
        "type": "object"
      }
    },
    "features": {
      "type": "array",
      "items": {
        "type": "string"
      }
    },
    "settings": {
      "$ref": "#/components/schemas/ApplicationSettings"
    },
    "_embedded": {
      "type": "object",
      "readOnly": true,
      "additionalProperties": {
        "type": "object"
      }
    },
    "licensing": {
      "$ref": "#/components/schemas/ApplicationLicensing"
    },
    "signOnMode": {
      "$ref": "#/components/schemas/ApplicationSignOnMode"
    },
    "visibility": {
      "$ref": "#/components/schemas/ApplicationVisibility"
    },
    "credentials": {
      "$ref": "#/components/schemas/ApplicationCredentials"
    },
    "lastUpdated": {
      "type": "string",
      "format": "date-time",
      "readOnly": true
    },
    "accessibility": {
      "$ref": "#/components/schemas/ApplicationAccessibility"
    }
  },
  "x-okta-crud": [
    {
      "alias": "read",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "getApplication"
    },
    {
      "alias": "update",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        },
        {
          "dest": "application",
          "self": true
        }
      ],
      "operationId": "updateApplication"
    },
    {
      "alias": "delete",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "deleteApplication"
    }
  ],
  "x-okta-tags": [
    "Application"
  ],
  "x-okta-operations": [
    {
      "alias": "activate",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "activateApplication"
    },
    {
      "alias": "deactivate",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "deactivateApplication"
    },
    {
      "alias": "listApplicationUsers",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "listApplicationUsers"
    },
    {
      "alias": "assignUserToApplication",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "assignUserToApplication"
    },
    {
      "alias": "getApplicationUser",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "getApplicationUser"
    },
    {
      "alias": "createApplicationGroupAssignment",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "createApplicationGroupAssignment"
    },
    {
      "alias": "getApplicationGroupAssignment",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "getApplicationGroupAssignment"
    },
    {
      "alias": "cloneApplicationKey",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "cloneApplicationKey"
    },
    {
      "alias": "getApplicationKey",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "getApplicationKey"
    },
    {
      "alias": "listGroupAssignments",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "listApplicationGroupAssignments"
    },
    {
      "alias": "listKeys",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "listApplicationKeys"
    },
    {
      "alias": "generateKey",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "generateApplicationKey"
    },
    {
      "alias": "generateCsr",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "generateCsrForApplication"
    },
    {
      "alias": "getCsr",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "getCsrForApplication"
    },
    {
      "alias": "revokeCsr",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "revokeCsrFromApplication"
    },
    {
      "alias": "listCsrs",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "listCsrsForApplication"
    },
    {
      "alias": "publishCerCert",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "publishCerCert"
    },
    {
      "alias": "publishBinaryCerCert",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "publishBinaryCerCert"
    },
    {
      "alias": "publishDerCert",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "publishDerCert"
    },
    {
      "alias": "publishBinaryDerCert",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "publishBinaryDerCert"
    },
    {
      "alias": "publishBinaryPemCert",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "publishBinaryPemCert"
    },
    {
      "alias": "listOAuth2Tokens",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "listOAuth2TokensForApplication"
    },
    {
      "alias": "revokeOAuth2TokenForApplication",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "revokeOAuth2TokenForApplication"
    },
    {
      "alias": "getOAuth2Token",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "getOAuth2TokenForApplication"
    },
    {
      "alias": "revokeOAuth2Tokens",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "revokeOAuth2TokensForApplication"
    },
    {
      "alias": "listScopeConsentGrants",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "listScopeConsentGrants"
    },
    {
      "alias": "grantConsentToScope",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "grantConsentToScope"
    },
    {
      "alias": "revokeScopeConsentGrant",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "revokeScopeConsentGrant"
    },
    {
      "alias": "getScopeConsentGrant",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "getScopeConsentGrant"
    },
    {
      "alias": "uploadApplicationLogo",
      "operationId": "uploadApplicationLogo"
    },
    {
      "alias": "getFeatureForApplication",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "getFeatureForApplication"
    },
    {
      "alias": "updateFeatureForApplication",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "updateFeatureForApplication"
    },
    {
      "alias": "updateApplicationPolicy",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "updateApplicationPolicy"
    }
  ],
  "x-openapi-v3-discriminator": {
    "mapping": {
      "BOOKMARK": "#/definitions/BookmarkApplication",
      "SAML_1_1": "#/definitions/SamlApplication",
      "SAML_2_0": "#/definitions/SamlApplication",
      "AUTO_LOGIN": "#/definitions/AutoLoginApplication",
      "BASIC_AUTH": "#/definitions/BasicAuthApplication",
      "WS_FEDERATION": "#/definitions/WsFederationApplication",
      "BROWSER_PLUGIN": "#/definitions/BrowserPluginApplication",
      "OPENID_CONNECT": "#/definitions/OpenIdConnectApplication",
      "SECURE_PASSWORD_STORE": "#/definitions/SecurePasswordStoreApplication"
    },
    "propertyName": "signOnMode"
  }
}

object ApplicationAccessibility

{
  "type": "object",
  "properties": {
    "selfService": {
      "type": "boolean"
    },
    "errorRedirectUrl": {
      "type": "string"
    },
    "loginRedirectUrl": {
      "type": "string"
    }
  },
  "x-okta-tags": [
    "Application"
  ]
}

object ApplicationCredentials

{
  "type": "object",
  "properties": {
    "signing": {
      "$ref": "#/components/schemas/ApplicationCredentialsSigning"
    },
    "userNameTemplate": {
      "$ref": "#/components/schemas/ApplicationCredentialsUsernameTemplate"
    }
  },
  "x-okta-tags": [
    "Application"
  ]
}

object ApplicationCredentialsOAuthClient

{
  "properties": {
    "client_id": {
      "type": "string"
    },
    "client_secret": {
      "type": "string"
    },
    "pkce_required": {
      "type": "boolean"
    },
    "autoKeyRotation": {
      "type": "boolean"
    },
    "token_endpoint_auth_method": {
      "$ref": "#/components/schemas/OAuthEndpointAuthenticationMethod"
    }
  },
  "x-okta-tags": [
    "Application"
  ]
}

string ApplicationCredentialsScheme

{
  "enum": [
    "SHARED_USERNAME_AND_PASSWORD",
    "EXTERNAL_PASSWORD_SYNC",
    "EDIT_USERNAME_AND_PASSWORD",
    "EDIT_PASSWORD_ONLY",
    "ADMIN_SETS_CREDENTIALS"
  ],
  "type": "string",
  "x-okta-tags": [
    "Application"
  ]
}

object ApplicationCredentialsSigning

{
  "type": "object",
  "properties": {
    "kid": {
      "type": "string"
    },
    "use": {
      "$ref": "#/components/schemas/ApplicationCredentialsSigningUse"
    },
    "lastRotated": {
      "type": "string",
      "format": "date-time",
      "readOnly": true
    },
    "nextRotation": {
      "type": "string",
      "format": "date-time",
      "readOnly": true
    },
    "rotationMode": {
      "type": "string"
    }
  },
  "x-okta-tags": [
    "Application"
  ]
}

string ApplicationCredentialsSigningUse

{
  "enum": [
    "sig"
  ],
  "type": "string",
  "x-okta-tags": [
    "AuthorizationServer"
  ]
}

object ApplicationCredentialsUsernameTemplate

{
  "type": "object",
  "properties": {
    "type": {
      "type": "string"
    },
    "suffix": {
      "type": "string"
    },
    "template": {
      "type": "string"
    },
    "pushStatus": {
      "type": "string"
    }
  },
  "x-okta-tags": [
    "Application"
  ]
}

object ApplicationFeature

{
  "type": "object",
  "properties": {
    "name": {
      "type": "string"
    },
    "_links": {
      "type": "object",
      "readOnly": true,
      "additionalProperties": {
        "type": "object"
      }
    },
    "status": {
      "$ref": "#/components/schemas/EnabledStatus"
    },
    "description": {
      "type": "string"
    },
    "capabilities": {
      "$ref": "#/components/schemas/CapabilitiesObject"
    }
  },
  "x-okta-tags": [
    "Application"
  ],
  "x-okta-operations": [
    {
      "alias": "listFeaturesForApplication",
      "operationId": "listFeaturesForApplication"
    }
  ]
}

object ApplicationGroupAssignment

{
  "type": "object",
  "properties": {
    "id": {
      "type": "string",
      "readOnly": true
    },
    "_links": {
      "type": "object",
      "readOnly": true,
      "additionalProperties": {
        "type": "object"
      }
    },
    "profile": {
      "type": "object",
      "additionalProperties": {
        "type": "object"
      }
    },
    "priority": {
      "type": "integer"
    },
    "_embedded": {
      "type": "object",
      "readOnly": true,
      "additionalProperties": {
        "type": "object"
      }
    },
    "lastUpdated": {
      "type": "string",
      "format": "date-time",
      "readOnly": true
    }
  },
  "x-okta-crud": [
    {
      "alias": "delete",
      "arguments": [
        {
          "dest": "appId",
          "parentSrc": "appId"
        },
        {
          "src": "id",
          "dest": "groupId"
        }
      ],
      "operationId": "deleteApplicationGroupAssignment"
    }
  ],
  "x-okta-tags": [
    "Application"
  ]
}

object ApplicationLicensing

{
  "type": "object",
  "properties": {
    "seatCount": {
      "type": "integer"
    }
  },
  "x-okta-tags": [
    "Application"
  ]
}

array ApplicationListAppsResponse

{
  "type": "array",
  "items": {
    "$ref": "#/components/schemas/Application"
  }
}

array ApplicationListAssignedUsersResponse

{
  "type": "array",
  "items": {
    "$ref": "#/components/schemas/AppUser"
  }
}

array ApplicationListClientSecretsResponse

{
  "type": "array",
  "items": {
    "$ref": "#/components/schemas/ClientSecret"
  }
}

array ApplicationListCsrsForApplicationResponse

{
  "type": "array",
  "items": {
    "$ref": "#/components/schemas/Csr"
  }
}

array ApplicationListFeaturesResponse

{
  "type": "array",
  "items": {
    "$ref": "#/components/schemas/ApplicationFeature"
  }
}

array ApplicationListGroupsAssignedResponse

{
  "type": "array",
  "items": {
    "$ref": "#/components/schemas/ApplicationGroupAssignment"
  }
}

array ApplicationListKeyCredentialsResponse

{
  "type": "array",
  "items": {
    "$ref": "#/components/schemas/JsonWebKey"
  }
}

array ApplicationListScopeConsentGrantsResponse

{
  "type": "array",
  "items": {
    "$ref": "#/components/schemas/OAuth2ScopeConsentGrant"
  }
}

array ApplicationListTokensResponse

{
  "type": "array",
  "items": {
    "$ref": "#/components/schemas/OAuth2Token"
  }
}

object ApplicationPreviewSamlAppMetadataResponse

{
  "type": "object",
  "properties": {
    "EntityDescriptor": {
      "type": "object",
      "properties": {
        "entityID": {
          "xml": {
            "attribute": true
          },
          "type": "string"
        },
        "IDPSSODescriptor": {
          "type": "object",
          "properties": {
            "NameIDFormat": {
              "type": "array",
              "items": {
                "type": "string"
              }
            },
            "KeyDescriptor": {
              "type": "object",
              "properties": {
                "use": {
                  "xml": {
                    "attribute": true
                  },
                  "type": "string"
                },
                "KeyInfo": {
                  "type": "object",
                  "properties": {
                    "X509Data": {
                      "type": "object",
                      "properties": {
                        "X509Certificate": {
                          "type": "string"
                        }
                      }
                    }
                  }
                }
              }
            },
            "SingleLogoutService": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "properties": {
                "Binding": {
                  "xml": {
                    "attribute": true
                  },
                  "type": "string"
                },
                "Location": {
                  "xml": {
                    "attribute": true
                  },
                  "type": "string"
                }
              }
            },
            "SingleSignOnService": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "properties": {
                "Binding": {
                  "xml": {
                    "attribute": true
                  },
                  "type": "string"
                },
                "Location": {
                  "xml": {
                    "attribute": true
                  },
                  "type": "string"
                }
              }
            },
            "WantAuthnRequestsSigned": {
              "xml": {
                "attribute": true
              },
              "type": "boolean"
            },
            "protocolSupportEnumeration": {
              "xml": {
                "attribute": true
              },
              "type": "string"
            }
          }
        }
      }
    }
  }
}

object ApplicationSettings

{
  "type": "object",
  "properties": {
    "app": {
      "$ref": "#/components/schemas/ApplicationSettingsApplication"
    },
    "notes": {
      "$ref": "#/components/schemas/ApplicationSettingsNotes"
    },
    "inlineHookId": {
      "type": "string"
    },
    "notifications": {
      "$ref": "#/components/schemas/ApplicationSettingsNotifications"
    },
    "implicitAssignment": {
      "type": "boolean"
    }
  },
  "x-okta-tags": [
    "Application"
  ]
}

object ApplicationSettingsApplication

{
  "properties": {
    "url": {
      "type": "string"
    },
    "acsUrl": {
      "type": "string"
    },
    "orgName": {
      "type": "string"
    },
    "buttonField": {
      "type": "string"
    },
    "loginUrlRegex": {
      "type": "string"
    },
    "passwordField": {
      "type": "string"
    },
    "usernameField": {
      "type": "string"
    }
  },
  "x-okta-tags": [
    "Application"
  ]
}

object ApplicationSettingsNotes

{
  "type": "object",
  "properties": {
    "admin": {
      "type": "string"
    },
    "enduser": {
      "type": "string"
    }
  },
  "x-okta-tags": [
    "Application"
  ]
}

object ApplicationSettingsNotifications

{
  "type": "object",
  "properties": {
    "vpn": {
      "$ref": "#/components/schemas/ApplicationSettingsNotificationsVpn"
    }
  },
  "x-okta-tags": [
    "Application"
  ]
}

object ApplicationSettingsNotificationsVpn

{
  "type": "object",
  "properties": {
    "helpUrl": {
      "type": "string"
    },
    "message": {
      "type": "string"
    },
    "network": {
      "$ref": "#/components/schemas/ApplicationSettingsNotificationsVpnNetwork"
    }
  },
  "x-okta-tags": [
    "Application"
  ]
}

object ApplicationSettingsNotificationsVpnNetwork

{
  "type": "object",
  "properties": {
    "exclude": {
      "type": "array",
      "items": {
        "type": "string"
      }
    },
    "include": {
      "type": "array",
      "items": {
        "type": "string"
      }
    },
    "connection": {
      "type": "string"
    }
  },
  "x-okta-tags": [
    "Application"
  ]
}

string ApplicationSignOnMode

{
  "enum": [
    "BOOKMARK",
    "BASIC_AUTH",
    "BROWSER_PLUGIN",
    "SECURE_PASSWORD_STORE",
    "AUTO_LOGIN",
    "WS_FEDERATION",
    "SAML_2_0",
    "OPENID_CONNECT",
    "SAML_1_1"
  ],
  "type": "string",
  "x-okta-tags": [
    "Application"
  ]
}

object ApplicationUpdateLogoRequest

{
  "type": "object",
  "required": [
    "file"
  ],
  "properties": {
    "file": {
      "type": "string",
      "format": "binary"
    }
  }
}

object ApplicationVisibility

{
  "type": "object",
  "properties": {
    "hide": {
      "$ref": "#/components/schemas/ApplicationVisibilityHide"
    },
    "appLinks": {
      "type": "object",
      "additionalProperties": {
        "type": "boolean"
      }
    },
    "autoLaunch": {
      "type": "boolean"
    },
    "autoSubmitToolbar": {
      "type": "boolean"
    }
  },
  "x-okta-tags": [
    "Application"
  ]
}

object ApplicationVisibilityHide

{
  "type": "object",
  "properties": {
    "iOS": {
      "type": "boolean"
    },
    "web": {
      "type": "boolean"
    }
  },
  "x-okta-tags": [
    "Application"
  ]
}

object AssignRoleRequest

{
  "properties": {
    "type": {
      "$ref": "#/components/schemas/RoleType"
    }
  },
  "x-okta-tags": [
    "Role"
  ]
}

Load more schemas

Versions

Version	Endpoints	Schemas	Ingested	Status
2.16.0	341	532	2026-05-25	current
2.16.0	341	532	2026-04-16