About a Flow client token
Flows at the lowest level of security are accessed by its alias alone.
A Flow client token is used as a query parameter on medium security level Flows. The Webhook level of security allows a client to pass along this token to identify itself as a safe party to Okta Workflows.
For added security, you can also pass the token in the x-api-client-token header.
Anyone with this client token will be able to access this Flow with the following Okta Workflows API routes:
Invoke a Flow
Resume a Paused Flow
Retry a Flow
Generate an Open API Specification for this Flow
For more information about these routes, see Okta API documentation.