Flow client token

At the lowest level of security, you can access a flow only using its alias.

A flow client token is used as a query parameter on medium-security flows. The webhook level of security allows a client to pass along this token to identify itself as a safe party to Okta Workflows.

For added security, you can also pass the token in the x-api-client-token header.

Anyone with this client token can access this flow through the following Okta Workflows API routes:

  • Invoke a flow

  • Resume a paused flow

  • Retry a flow

  • Generate an open API specification for this flow

For more information about these routes, see the Okta API documentation.

Related topics

Flow aliases