Enable or disable the Access Gateway API
The Access Gateway API lets you run many tasks through a programmatic interface. Before you can use the Access Gateway API, you must enable it in the Access Gateway Admin UI console.
Note:
API requests must originate from specific private IP address ranges within your local network:
- 10.0.0.0 to 10.255.255.255 (10/8 prefix)
- 172.16.0.0 to 172.31.255.255 (172.16/12 prefix)
- 192.168.0.0 to 192.168.255.255 (192.168/16 prefix)
Enable the Access Gateway API
- Go to the Access Gateway Admin UI console.
- Click the Settings tab.
- Click the Access Gateway button.
- Expand the API section.
- Click the Scopes dropdown menu.
- Select one or more scopes from the list.Note:
You can't add more scopes after you enable the Access Gateway API. If you need to add more, disable the Access Gateway API, add the correct scopes, and then enable it again.
- Click the toggle switch so that it displays Enabled.
- Click Copy to Clipboard. This key appears only once and you can't retrieve it later. Paste the API client private key in a secure location. You need this key in your code to interact with the API.
- The client ID appears in the API section. Copy and paste the client ID in a secure location. You need this ID in your code to interact with the API.
- Add the API client private key and the client ID in your code. Here's an example. Replace the values with
your own:
[ { "client_id": "nnnnnnnn-nnnn-nnnn-nnnn-nnnnnnnnnnnn", "scope": [ "okta.oag.app.scope" ], "expiration": 0 } ] - Sign a JSON web token (JWT). See Okta Access Gateway API.
Disable the Access Gateway API
- Go to the Access Gateway Admin UI console.
- Click the Settings tab.
- Click the Access Gateway button.
- Expand the API section.
- Click the toggle switch so that it shows Disabled.
- Click Yes. The client ID that you created is no longer available to the Access Gateway API.
- Remove references to the client ID that you deleted, and its scopes, from your code that interacts with the Access Gateway API.