About a flow client token

Flows at the lowest level of security are accessed by its alias alone.

A flow client token is used as a query parameter on medium security level flows. The Webhook level of security allows a client to pass along this token to identify itself as a safe party to Okta Workflows.

For added security, you can also pass the token in the x-api-client-token header.

Anyone with this client token will be able to access this flow with the following Okta Workflows API routes:

  • Invoke a flow

  • Resume a paused flow

  • Retry a flow

  • Generate an Open API Specification for this flow

For more information about these routes, see Okta API documentation.

Related topics

About flow aliases