Custom API Action

Make a custom, authenticated HTTP call to the Okta Privileged Access API.

The Custom API Action card enables you to invoke arbitrary API calls against the Okta Privileged Access API. The primary purpose of this card is to build flow operations if other action cards don't support your use case.

The Custom API Action card automatically builds and sends the URL to the Okta Privileged Access API using the supplied credentials. The Relative URL field contains the path to the endpoint where you want to send the request.

The Custom API Action doesn't perform any logical validation for operations. For example, it doesn't prevent a DELETE request from containing an HTTP body. Review the Okta Privileged Access API documentation to ensure that you're calling the API correctly.

Options

Field	Definition	Type	Required
Request Type	These are the supported HTTP request methods, or HTTP verbs, in a custom API call (see HTTP request methods). GET: Retrieves data from a web server based on parameters. This method requests a representation of the specified resource. If a request is successful, a 200 (OK) response message is returned with the requested content. POST: Sends data to a web server based on parameters, for example, uploading a file. Multiple POST requests may result in a different outcome than a single POST. Exercise caution to avoid sending multiple POST requests unintentionally. If a request is successful, a 200 (OK) response message is returned. PUT: Sends data to be stored at a specific location on a web server based on parameters, such as uploading a file. Unlike POST requests, PUT requests are idempotent. For successful requests, the result of a single PUT request is the same as many identical PUT requests. If a request is successful, a 200 (OK), 201 (Created), or 204 (No Content) response message is returned. PATCH: Applies partial modifications to a resource on a web server based on parameters. PATCH isn't idempotent. Multiple PATCH requests could have unintended consequences. If a PATCH is successful, a 200 (OK) or 204 (No Content) response message is returned. DELETE: Deletes the specified resource if it exists from the web server based on parameters. If a DELETE is successful, a 200 (OK) response message is returned.	Dropdown	TRUE

Field

Definition

Type

Required

Request Type

These are the supported HTTP request methods, or HTTP verbs, in a custom API call (see HTTP request methods).

GET: Retrieves data from a web server based on parameters. This method requests a representation of the specified resource. If a request is successful, a 200 (OK) response message is returned with the requested content.
POST: Sends data to a web server based on parameters, for example, uploading a file. Multiple POST requests may result in a different outcome than a single POST. Exercise caution to avoid sending multiple POST requests unintentionally. If a request is successful, a 200 (OK) response message is returned.
PUT: Sends data to be stored at a specific location on a web server based on parameters, such as uploading a file. Unlike POST requests, PUT requests are idempotent. For successful requests, the result of a single PUT request is the same as many identical PUT requests. If a request is successful, a 200 (OK), 201 (Created), or 204 (No Content) response message is returned.
PATCH: Applies partial modifications to a resource on a web server based on parameters. PATCH isn't idempotent. Multiple PATCH requests could have unintended consequences. If a PATCH is successful, a 200 (OK) or 204 (No Content) response message is returned.
DELETE: Deletes the specified resource if it exists from the web server based on parameters. If a DELETE is successful, a 200 (OK) response message is returned.

Dropdown

TRUE

Input

Field	Definition	Type	Required
Request
Relative URL	The URL address of the web server that you're attempting to call. Specify the relative URL as /{insert_remaining_URL}. You can specify query parameters in the relative URL using ?, or specify the query parameters as a key and value pair in the Query input. For the Okta Privileged Access API at https://{OktaOrg}.pam.okta.com/v1/teams/{teamname}/{endpoint}, the Relative URL is /{endpoint}. For example, for the Okta Privileged Access API: https://myorg.pam.okta.com/v1/teams/adminteam/sudo_command_bundles, the Relative URL is /sudo_command_bundles.	Text	TRUE
Query	Specify any additional query parameters that should be included as key and value pairs. For example, {"name":"something-urgent"}.	Object	FALSE
Headers	Specify any headers required in addition to authorization or content-type, as the connector already handles those headers.	Object	FALSE
Body	Specify a request body in JSON format. This input is only available for POST, PUT, and PATCH requests.	Object	FALSE

Output

Field	Definition	Type
Response
Status Code	Result of the operation. The connector returns an HTTP status code that indicates whether the action taken by the card succeeded or failed. For example: A 201 Created status code indicates success where a new resource was created. A 403 Forbidden error indicates that the HTTP request wasn't processed because the necessary permissions were missing. For a full list of possible status codes, see HTTP status codes.	Number
Headers	Detailed context for the status code, unrelated to the output body. Response headers depend on your selected HTTP request option. Not all headers are response headers. This is similar to {"Content-type":"application/json"}.	Object
Body	Data returned from your selected HTTP request. For example, the data from a GET request.	Object

Custom API Action

Options

Input

Output

Related topics