About a Flow client token

Flows at the lowest level of security are accessed by its alias alone.

A Flow client token is used as a query parameter on medium security level Flows. The Webhook level of security allows a client to pass along this token to identify itself as a safe party to Okta Workflows.

For added security, you can also pass the token in the x-api-client-token header.

Anyone with this client token will be able to access this Flow with the following Okta Workflows API routes:

  • Invoke a Flow

  • Resume a Paused Flow

  • Retry a Flow

  • Generate an Open API Specification for this Flow

For more information about these routes, see Okta API documentation.

Related Topics

About invoking an API endpoint Flow

About Flow aliases