Flow client token

At the lowest level of security, you can access a flow only using its alias.

For medium security flows, a unique client token is used as a query parameter. This level of security allows a client to pass along a token to identify itself as a safe party to Okta Workflows. You can also pass the token inside the x-api-client-token header.

Anyone with the client token can access your flow through the following Okta Workflows API routes:

  • Invoke a flow

  • Resume a paused flow

  • Retry a flow

  • Generate an open API specification for this flow

Related topics

Flow aliases

Invoke a flow with an API endpoint

Resume a paused flow

Run flows