- Documentation: https://developer.okta.com/docs/guides/create-an-api-token/main/
- Summary: Okta is an identity and access management company that provides cloud solutions to help companies manage and secure user authentication. This detector focuses on catching API tokens used to authenticate requests to Okta APIs.
- IPs allowlist: This feature is not supported in the free plan, but in premium plans, admins can set allowlists and banlists according to their needs from the
- Scopes: Various groups of users can be created, and users can also be assigned to applications. The API token inherits its authorization from its user.
# Revoke the secret
An API token can be revoked from the API tab of the Okta dashboard. The authorization server that is attributed to the account can also be used to automatically rotate API keys.
# Check for suspicious activity
Okta keeps logs of any calls or actions made with a given API key.
Category: Identity provider
High recall: False
Validity check available: False
Minimum number of matches: 1
Occurrences found for one million commits: 4.04
- type: FilenameBanlistPreValidator
  banlist_extensions:
    - ^lock$
    - ^storyboard(c|er)?~?$
    - ^xib$
    - ipynb
  banlist_filenames:
  check_binaries: false
  include_default_banlist_extensions: false
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - okta
- type: ContentWhitelistPreValidator
  patterns:
    - '00'
- text: |
    // Add Okta_TOKEN GENERATED
    string token = "00iqMOKIplUddEWA5WEM4YwOkw7RXeGw31lFCMTvZ2";
  apikey: 00iqMOKIplUddEWA5WEM4YwOkw7RXeGw31lFCMTvZ2
- text: |
    // Add Okta_TOKEN GENERATED
    +00iqMOKIplUddEWA5WEM4YwOkw7RXeGw31lFCMTvZ2";
  apikey: 00iqMOKIplUddEWA5WEM4YwOkw7RXeGw31lFCMTvZ2
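
The pre-validators and sample matches above can be reproduced in a local scan. The following is an added example, not the detector's own implementation. It assumes that banlist entries are regexes matched against the file extension, that every whitelist pattern must occur in the content (case-insensitively), and that a token is `00` followed by 40 URL-safe characters, a shape inferred from the sample on this page.

```python
import re

# Extension regexes copied from the FilenameBanlistPreValidator on this page.
# Assumption: they are matched against the text after the last dot.
BANNED_EXTENSIONS = [r"^lock$", r"^storyboard(c|er)?~?$", r"^xib$", r"ipynb"]
# Assumption: each ContentWhitelistPreValidator pattern must occur in the file.
REQUIRED_CONTENT = ["okta", "00"]
# Assumption: token shape inferred from the page's sample (42 chars, "00" prefix).
TOKEN_CHARS = r"[A-Za-z0-9_-]"
TOKEN_RE = re.compile(rf"(?<!{TOKEN_CHARS})00{TOKEN_CHARS}{{40}}(?!{TOKEN_CHARS})")


def extension_banned(filename):
    """True if the file extension matches any banlist regex."""
    ext = filename.rsplit(".", 1)[1] if "." in filename else ""
    return any(re.search(p, ext) for p in BANNED_EXTENSIONS)


def content_allowed(text):
    """True only if every required keyword appears (case-insensitive)."""
    lowered = text.lower()
    return all(p in lowered for p in REQUIRED_CONTENT)


def find_okta_tokens(filename, text):
    """Run both pre-validators, then return candidate tokens in the text."""
    if extension_banned(filename) or not content_allowed(text):
        return []
    return TOKEN_RE.findall(text)


# Constructed inputs built around the sample token shown on this page.
TOKEN = "00iqMOKIplUddEWA5WEM4YwOkw7RXeGw31lFCMTvZ2"
SAMPLE = f'// Add Okta_TOKEN GENERATED\nstring token = "{TOKEN}";\n'
DIFF_LINE = f'// Add Okta_TOKEN GENERATED\n+{TOKEN}";\n'
NO_KEYWORD = f'string token = "{TOKEN}";\n'  # lacks the "okta" keyword

if __name__ == "__main__":
    cases = [("Config.cs", SAMPLE), ("Config.cs", DIFF_LINE),
             ("yarn.lock", SAMPLE), ("Config.cs", NO_KEYWORD)]
    for name, body in cases:
        print(f"{name}: {find_okta_tokens(name, body)}")
```

The `okta` keyword requirement is what keeps other 42-character strings starting with `00` from being reported, at the cost of missing a token stored in a file that never mentions Okta.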