Flow client token
At the lowest level of security, you can access a flow only using its alias.
A flow client token is used as a query parameter on medium-security flows. The webhook level of security allows a client to pass along this token to identify itself as a safe party to Okta Workflows.
For added security, you can also pass the token in the x-api-client-token header.
Anyone with this client token can access this flow through the following Okta Workflows API routes:
-
Invoke a flow
-
Resume a paused flow
-
Retry a flow
-
Generate an open API specification for this flow
For more information about these routes, see the Okta API documentation.