Okta · Capability

Okta API

Allows customers to easily access the Okta API

Run with Naftiko OktaAPI

What You Can Do

GET
Listapplications — Okta List Applications
/api/v1/apps
POST
Createapplication — Okta Add Application
/api/v1/apps
GET
Getapplication — Okta Get Application
/api/v1/apps/{appId}
PUT
Updateapplication — Okta Update Application
/api/v1/apps/{appId}
DELETE
Deleteapplication — Okta Delete Application
/api/v1/apps/{appId}
GET
Getdefaultprovisioningconnectionforapplication — Okta Fetches the default Provisioning Connection for an application.
/api/v1/apps/{appId}/connections/default
POST
Setdefaultprovisioningconnectionforapplication — Okta Sets the default Provisioning Connection for an application.
/api/v1/apps/{appId}/connections/default
POST
Activatedefaultprovisioningconnectionforapplicat — Okta Activate default Provisioning Connection for application
/api/v1/apps/{appId}/connections/default/lifecycle/activate
POST
Deactivatedefaultprovisioningconnectionforapplic — Okta Deactivate default Provisioning Connection for application
/api/v1/apps/{appId}/connections/default/lifecycle/deactivate
GET
Listcsrsforapplication — Okta List Certificate Signing Requests for Application
/api/v1/apps/{appId}/credentials/csrs
POST
Generatecsrforapplication — Okta Generate Certificate Signing Request for Application
/api/v1/apps/{appId}/credentials/csrs
GET
Getcsrforapplication — GET /api/v1/apps/{appId}/credentials/csrs/{csrId}
/api/v1/apps/{appId}/credentials/csrs/{csrId}
DELETE
Revokecsrfromapplication — DELETE /api/v1/apps/{appId}/credentials/csrs/{csrId}
/api/v1/apps/{appId}/credentials/csrs/{csrId}
POST
Post api v1 apps appid credentials csrs csrid li — POST /api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish
/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish
GET
Listapplicationkeys — Okta List Key Credentials for Application
/api/v1/apps/{appId}/credentials/keys
POST
Generateapplicationkey — Generates a new X.509 certificate for an application key credential
/api/v1/apps/{appId}/credentials/keys/generate
GET
Getapplicationkey — Okta Get Key Credential for Application
/api/v1/apps/{appId}/credentials/keys/{keyId}
POST
Cloneapplicationkey — Okta Clone Application Key Credential
/api/v1/apps/{appId}/credentials/keys/{keyId}/clone
GET
Listclientsecretsforapplication — Okta List client secrets
/api/v1/apps/{appId}/credentials/secrets
POST
Createnewclientsecretforapplication — Okta Add new client secret
/api/v1/apps/{appId}/credentials/secrets
GET
Getclientsecretforapplication — Okta Get client secret
/api/v1/apps/{appId}/credentials/secrets/{secretId}
DELETE
Deleteclientsecretforapplication — Removes a secret from the client's collection of secrets.
/api/v1/apps/{appId}/credentials/secrets/{secretId}
POST
Activateclientsecretforapplication — Okta Activate a client secret
/api/v1/apps/{appId}/credentials/secrets/{secretId}/lifecycle/activate
POST
Deactivateclientsecretforapplication — Okta Deactivate a client secret
/api/v1/apps/{appId}/credentials/secrets/{secretId}/lifecycle/deactivate
GET
Listfeaturesforapplication — Okta Fetches the Feature objects for an application.
/api/v1/apps/{appId}/features
GET
Getfeatureforapplication — Okta Fetches a Feature object for an application.
/api/v1/apps/{appId}/features/{name}
PUT
Updatefeatureforapplication — Okta Updates a Feature object for an application.
/api/v1/apps/{appId}/features/{name}
GET
Listscopeconsentgrants — Lists all scope consent grants for the application
/api/v1/apps/{appId}/grants
POST
Grantconsenttoscope — Grants consent for the application to request an OAuth 2.0 Okta scope
/api/v1/apps/{appId}/grants
GET
Getscopeconsentgrant — Fetches a single scope consent grant for the application
/api/v1/apps/{appId}/grants/{grantId}
DELETE
Revokescopeconsentgrant — Revokes permission for the application to request the given scope
/api/v1/apps/{appId}/grants/{grantId}
GET
Listapplicationgroupassignments — Okta List Groups Assigned to Application
/api/v1/apps/{appId}/groups
GET
Getapplicationgroupassignment — Okta Get Assigned Group for Application
/api/v1/apps/{appId}/groups/{groupId}
PUT
Createapplicationgroupassignment — Okta Assign Group to Application
/api/v1/apps/{appId}/groups/{groupId}
DELETE
Deleteapplicationgroupassignment — Okta Remove Group from Application
/api/v1/apps/{appId}/groups/{groupId}
POST
Activateapplication — Okta Activate Application
/api/v1/apps/{appId}/lifecycle/activate
POST
Deactivateapplication — Okta Deactivate Application
/api/v1/apps/{appId}/lifecycle/deactivate
POST
Uploadapplicationlogo — Okta The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling.
/api/v1/apps/{appId}/logo
PUT
Updateapplicationpolicy — Okta Update application policy
/api/v1/apps/{appId}/policies/{policyId}
GET
Previewsamlappmetadata — Previews SAML metadata based on a specific key credential for an application
/api/v1/apps/{appId}/sso/saml/metadata
GET
Listoauth2tokensforapplication — Lists all tokens for the application
/api/v1/apps/{appId}/tokens
DELETE
Revokeoauth2tokensforapplication — Revokes all tokens for the specified application
/api/v1/apps/{appId}/tokens
GET
Getoauth2tokenforapplication — Gets a token for the specified application
/api/v1/apps/{appId}/tokens/{tokenId}
DELETE
Revokeoauth2tokenforapplication — Revokes the specified token for the specified application
/api/v1/apps/{appId}/tokens/{tokenId}
GET
Listapplicationusers — Okta List Users Assigned to Application
/api/v1/apps/{appId}/users
POST
Assignusertoapplication — Okta Assign User to Application for SSO & Provisioning
/api/v1/apps/{appId}/users
GET
Getapplicationuser — Okta Get Assigned User for Application
/api/v1/apps/{appId}/users/{userId}
POST
Updateapplicationuser — Okta Update Application Profile for Assigned User
/api/v1/apps/{appId}/users/{userId}
DELETE
Deleteapplicationuser — Okta Remove User from Application
/api/v1/apps/{appId}/users/{userId}
GET
Listauthenticators — Okta Lists all available Authenticators
/api/v1/authenticators
POST
Createauthenticator — Okta Create an Authenticator
/api/v1/authenticators
GET
Getauthenticator — Success
/api/v1/authenticators/{authenticatorId}
PUT
Updateauthenticator — Okta Update Authenticator
/api/v1/authenticators/{authenticatorId}
POST
Activateauthenticator — Success
/api/v1/authenticators/{authenticatorId}/lifecycle/activate
POST
Deactivateauthenticator — Success
/api/v1/authenticators/{authenticatorId}/lifecycle/deactivate
GET
Listauthorizationservers — Success
/api/v1/authorizationServers
POST
Createauthorizationserver — Success
/api/v1/authorizationServers
GET
Getauthorizationserver — Success
/api/v1/authorizationServers/{authServerId}
PUT
Updateauthorizationserver — Success
/api/v1/authorizationServers/{authServerId}
DELETE
Deleteauthorizationserver — Success
/api/v1/authorizationServers/{authServerId}

MCP Tools

listapplications

Okta List Applications

read-only idempotent
createapplication

Okta Add Application

getapplication

Okta Get Application

read-only idempotent
updateapplication

Okta Update Application

idempotent
deleteapplication

Okta Delete Application

idempotent
getdefaultprovisioningconnectionforapplication

Okta Fetches the default Provisioning Connection for an application.

read-only idempotent
setdefaultprovisioningconnectionforapplication

Okta Sets the default Provisioning Connection for an application.

activatedefaultprovisioningconnectionforapplicat

Okta Activate default Provisioning Connection for application

deactivatedefaultprovisioningconnectionforapplic

Okta Deactivate default Provisioning Connection for application

listcsrsforapplication

Okta List Certificate Signing Requests for Application

read-only idempotent
generatecsrforapplication

Okta Generate Certificate Signing Request for Application

getcsrforapplication

GET /api/v1/apps/{appId}/credentials/csrs/{csrId}

read-only idempotent
revokecsrfromapplication

DELETE /api/v1/apps/{appId}/credentials/csrs/{csrId}

idempotent
post-api-v1-apps-appid-credentials-csrs-csrid-li

POST /api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish

listapplicationkeys

Okta List Key Credentials for Application

read-only idempotent
generateapplicationkey

Generates a new X.509 certificate for an application key credential

getapplicationkey

Okta Get Key Credential for Application

read-only idempotent
cloneapplicationkey

Okta Clone Application Key Credential

listclientsecretsforapplication

Okta List client secrets

read-only idempotent
createnewclientsecretforapplication

Okta Add new client secret

getclientsecretforapplication

Okta Get client secret

read-only idempotent
deleteclientsecretforapplication

Removes a secret from the client's collection of secrets.

idempotent
activateclientsecretforapplication

Okta Activate a client secret

deactivateclientsecretforapplication

Okta Deactivate a client secret

listfeaturesforapplication

Okta Fetches the Feature objects for an application.

read-only idempotent
getfeatureforapplication

Okta Fetches a Feature object for an application.

read-only idempotent
updatefeatureforapplication

Okta Updates a Feature object for an application.

idempotent
listscopeconsentgrants

Lists all scope consent grants for the application

read-only idempotent
grantconsenttoscope

Grants consent for the application to request an OAuth 2.0 Okta scope

getscopeconsentgrant

Fetches a single scope consent grant for the application

read-only idempotent
revokescopeconsentgrant

Revokes permission for the application to request the given scope

idempotent
listapplicationgroupassignments

Okta List Groups Assigned to Application

read-only idempotent
getapplicationgroupassignment

Okta Get Assigned Group for Application

read-only idempotent
createapplicationgroupassignment

Okta Assign Group to Application

idempotent
deleteapplicationgroupassignment

Okta Remove Group from Application

idempotent
activateapplication

Okta Activate Application

deactivateapplication

Okta Deactivate Application

uploadapplicationlogo

Okta The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling.

updateapplicationpolicy

Okta Update application policy

idempotent
previewsamlappmetadata

Previews SAML metadata based on a specific key credential for an application

read-only idempotent
listoauth2tokensforapplication

Lists all tokens for the application

read-only idempotent
revokeoauth2tokensforapplication

Revokes all tokens for the specified application

idempotent
getoauth2tokenforapplication

Gets a token for the specified application

read-only idempotent
revokeoauth2tokenforapplication

Revokes the specified token for the specified application

idempotent
listapplicationusers

Okta List Users Assigned to Application

read-only idempotent
assignusertoapplication

Okta Assign User to Application for SSO & Provisioning

getapplicationuser

Okta Get Assigned User for Application

read-only idempotent
updateapplicationuser

Okta Update Application Profile for Assigned User

deleteapplicationuser

Okta Remove User from Application

idempotent
listauthenticators

Okta Lists all available Authenticators

read-only idempotent
createauthenticator

Okta Create an Authenticator

getauthenticator

Success

read-only idempotent
updateauthenticator

Okta Update Authenticator

idempotent
activateauthenticator

Success

deactivateauthenticator

Success

listauthorizationservers

Success

read-only idempotent
createauthorizationserver

Success

getauthorizationserver

Success

read-only idempotent
updateauthorizationserver

Success

idempotent
deleteauthorizationserver

Success

idempotent

Capability Spec

okta-capability.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: Okta API
  description: Allows customers to easily access the Okta API
  tags:
  - Okta
  - API
  created: '2026-05-06'
  modified: '2026-05-06'
capability:
  consumes:
  - type: http
    namespace: okta
    baseUri: https://your-subdomain.okta.com
    description: Okta API HTTP API.
    authentication:
      type: apikey
      in: header
      name: Authorization
      value: '{{OKTA_TOKEN}}'
    resources:
    - name: api-v1-apps
      path: /api/v1/apps
      operations:
      - name: listapplications
        method: GET
        description: Okta List Applications
        inputParameters:
        - name: q
          in: query
          type: string
        - name: after
          in: query
          type: string
          description: Specifies the pagination cursor for the next page of apps
        - name: limit
          in: query
          type: integer
          description: Specifies the number of results for a page
        - name: filter
          in: query
          type: string
          description: Filters apps by status, user.id, group.id or credentials.signing.kid expression
        - name: expand
          in: query
          type: string
          description: Traverses users link relationship and optionally embeds Application User resource
        - name: includeNonDeleted
          in: query
          type: boolean
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: createapplication
        method: POST
        description: Okta Add Application
        inputParameters:
        - name: activate
          in: query
          type: boolean
          description: Executes activation lifecycle operation when creating the app
        - name: OktaAccessGateway-Agent
          in: header
          type: string
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-apps-appid
      path: /api/v1/apps/{appId}
      operations:
      - name: getapplication
        method: GET
        description: Okta Get Application
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        - name: expand
          in: query
          type: string
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: updateapplication
        method: PUT
        description: Okta Update Application
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: deleteapplication
        method: DELETE
        description: Okta Delete Application
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-apps-appid-connections-default
      path: /api/v1/apps/{appId}/connections/default
      operations:
      - name: getdefaultprovisioningconnectionforapplication
        method: GET
        description: Okta Fetches the default Provisioning Connection for an application.
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: setdefaultprovisioningconnectionforapplication
        method: POST
        description: Okta Sets the default Provisioning Connection for an application.
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        - name: activate
          in: query
          type: boolean
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-apps-appid-connections-default-lifecycle-
      path: /api/v1/apps/{appId}/connections/default/lifecycle/activate
      operations:
      - name: activatedefaultprovisioningconnectionforapplicat
        method: POST
        description: Okta Activate default Provisioning Connection for application
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-apps-appid-connections-default-lifecycle-
      path: /api/v1/apps/{appId}/connections/default/lifecycle/deactivate
      operations:
      - name: deactivatedefaultprovisioningconnectionforapplic
        method: POST
        description: Okta Deactivate default Provisioning Connection for application
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-apps-appid-credentials-csrs
      path: /api/v1/apps/{appId}/credentials/csrs
      operations:
      - name: listcsrsforapplication
        method: GET
        description: Okta List Certificate Signing Requests for Application
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: generatecsrforapplication
        method: POST
        description: Okta Generate Certificate Signing Request for Application
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-apps-appid-credentials-csrs-csrid
      path: /api/v1/apps/{appId}/credentials/csrs/{csrId}
      operations:
      - name: getcsrforapplication
        method: GET
        description: GET /api/v1/apps/{appId}/credentials/csrs/{csrId}
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        - name: csrId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: revokecsrfromapplication
        method: DELETE
        description: DELETE /api/v1/apps/{appId}/credentials/csrs/{csrId}
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        - name: csrId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-apps-appid-credentials-csrs-csrid-lifecyc
      path: /api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish
      operations:
      - name: post-api-v1-apps-appid-credentials-csrs-csrid-li
        method: POST
        description: POST /api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        - name: csrId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-apps-appid-credentials-keys
      path: /api/v1/apps/{appId}/credentials/keys
      operations:
      - name: listapplicationkeys
        method: GET
        description: Okta List Key Credentials for Application
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-apps-appid-credentials-keys-generate
      path: /api/v1/apps/{appId}/credentials/keys/generate
      operations:
      - name: generateapplicationkey
        method: POST
        description: Generates a new X.509 certificate for an application key credential
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        - name: validityYears
          in: query
          type: integer
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-apps-appid-credentials-keys-keyid
      path: /api/v1/apps/{appId}/credentials/keys/{keyId}
      operations:
      - name: getapplicationkey
        method: GET
        description: Okta Get Key Credential for Application
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        - name: keyId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-apps-appid-credentials-keys-keyid-clone
      path: /api/v1/apps/{appId}/credentials/keys/{keyId}/clone
      operations:
      - name: cloneapplicationkey
        method: POST
        description: Okta Clone Application Key Credential
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        - name: keyId
          in: path
          type: string
          required: true
        - name: targetAid
          in: query
          type: string
          required: true
          description: Unique key of the target Application
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-apps-appid-credentials-secrets
      path: /api/v1/apps/{appId}/credentials/secrets
      operations:
      - name: listclientsecretsforapplication
        method: GET
        description: Okta List client secrets
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: createnewclientsecretforapplication
        method: POST
        description: Okta Add new client secret
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-apps-appid-credentials-secrets-secretid
      path: /api/v1/apps/{appId}/credentials/secrets/{secretId}
      operations:
      - name: getclientsecretforapplication
        method: GET
        description: Okta Get client secret
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        - name: secretId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: deleteclientsecretforapplication
        method: DELETE
        description: Removes a secret from the client's collection of secrets.
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        - name: secretId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-apps-appid-credentials-secrets-secretid-l
      path: /api/v1/apps/{appId}/credentials/secrets/{secretId}/lifecycle/activate
      operations:
      - name: activateclientsecretforapplication
        method: POST
        description: Okta Activate a client secret
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        - name: secretId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-apps-appid-credentials-secrets-secretid-l
      path: /api/v1/apps/{appId}/credentials/secrets/{secretId}/lifecycle/deactivate
      operations:
      - name: deactivateclientsecretforapplication
        method: POST
        description: Okta Deactivate a client secret
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        - name: secretId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-apps-appid-features
      path: /api/v1/apps/{appId}/features
      operations:
      - name: listfeaturesforapplication
        method: GET
        description: Okta Fetches the Feature objects for an application.
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-apps-appid-features-name
      path: /api/v1/apps/{appId}/features/{name}
      operations:
      - name: getfeatureforapplication
        method: GET
        description: Okta Fetches a Feature object for an application.
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        - name: name
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: updatefeatureforapplication
        method: PUT
        description: Okta Updates a Feature object for an application.
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        - name: name
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-apps-appid-grants
      path: /api/v1/apps/{appId}/grants
      operations:
      - name: listscopeconsentgrants
        method: GET
        description: Lists all scope consent grants for the application
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        - name: expand
          in: query
          type: string
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: grantconsenttoscope
        method: POST
        description: Grants consent for the application to request an OAuth 2.0 Okta scope
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-apps-appid-grants-grantid
      path: /api/v1/apps/{appId}/grants/{grantId}
      operations:
      - name: getscopeconsentgrant
        method: GET
        description: Fetches a single scope consent grant for the application
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        - name: grantId
          in: path
          type: string
          required: true
        - name: expand
          in: query
          type: string
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: revokescopeconsentgrant
        method: DELETE
        description: Revokes permission for the application to request the given scope
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        - name: grantId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-apps-appid-groups
      path: /api/v1/apps/{appId}/groups
      operations:
      - name: listapplicationgroupassignments
        method: GET
        description: Okta List Groups Assigned to Application
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        - name: q
          in: query
          type: string
        - name: after
          in: query
          type: string
          description: Specifies the pagination cursor for the next page of assignments
        - name: limit
          in: query
          type: integer
          description: Specifies the number of results for a page
        - name: expand
          in: query
          type: string
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-apps-appid-groups-groupid
      path: /api/v1/apps/{appId}/groups/{groupId}
      operations:
      - name: getapplicationgroupassignment
        method: GET
        description: Okta Get Assigned Group for Application
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        - name: groupId
          in: path
          type: string
          required: true
        - name: expand
          in: query
          type: string
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: createapplicationgroupassignment
        method: PUT
        description: Okta Assign Group to Application
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        - name: groupId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: deleteapplicationgroupassignment
        method: DELETE
        description: Okta Remove Group from Application
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        - name: groupId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-apps-appid-lifecycle-activate
      path: /api/v1/apps/{appId}/lifecycle/activate
      operations:
      - name: activateapplication
        method: POST
        description: Okta Activate Application
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-apps-appid-lifecycle-deactivate
      path: /api/v1/apps/{appId}/lifecycle/deactivate
      operations:
      - name: deactivateapplication
        method: POST
        description: Okta Deactivate Application
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-apps-appid-logo
      path: /api/v1/apps/{appId}/logo
      operations:
      - name: uploadapplicationlogo
        method: POST
        description: Okta The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape
          orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling.
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-apps-appid-policies-policyid
      path: /api/v1/apps/{appId}/policies/{policyId}
      operations:
      - name: updateapplicationpolicy
        method: PUT
        description: Okta Update application policy
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        - name: policyId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-apps-appid-sso-saml-metadata
      path: /api/v1/apps/{appId}/sso/saml/metadata
      operations:
      - name: previewsamlappmetadata
        method: GET
        description: Previews SAML metadata based on a specific key credential for an application
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        - name: kid
          in: query
          type: string
          required: true
          description: unique key identifier of an Application Key Credential
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-apps-appid-tokens
      path: /api/v1/apps/{appId}/tokens
      operations:
      - name: listoauth2tokensforapplication
        method: GET
        description: Lists all tokens for the application
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        - name: expand
          in: query
          type: string
        - name: after
          in: query
          type: string
        - name: limit
          in: query
          type: integer
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: revokeoauth2tokensforapplication
        method: DELETE
        description: Revokes all tokens for the specified application
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-apps-appid-tokens-tokenid
      path: /api/v1/apps/{appId}/tokens/{tokenId}
      operations:
      - name: getoauth2tokenforapplication
        method: GET
        description: Gets a token for the specified application
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        - name: tokenId
          in: path
          type: string
          required: true
        - name: expand
          in: query
          type: string
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: revokeoauth2tokenforapplication
        method: DELETE
        description: Revokes the specified token for the specified application
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        - name: tokenId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-apps-appid-users
      path: /api/v1/apps/{appId}/users
      operations:
      - name: listapplicationusers
        method: GET
        description: Okta List Users Assigned to Application
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        - name: q
          in: query
          type: string
        - name: query_scope
          in: query
          type: string
        - name: after
          in: query
          type: string
          description: specifies the pagination cursor for the next page of assignments
        - name: limit
          in: query
          type: integer
          description: specifies the number of results for a page
        - name: filter
          in: query
          type: string
        - name: expand
          in: query
          type: string
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: assignusertoapplication
        method: POST
        description: Okta Assign User to Application for SSO & Provisioning
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-apps-appid-users-userid
      path: /api/v1/apps/{appId}/users/{userId}
      operations:
      - name: getapplicationuser
        method: GET
        description: Okta Get Assigned User for Application
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        - name: userId
          in: path
          type: string
          required: true
        - name: expand
          in: query
          type: string
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: updateapplicationuser
        method: POST
        description: Okta Update Application Profile for Assigned User
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        - name: userId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: deleteapplicationuser
        method: DELETE
        description: Okta Remove User from Application
        inputParameters:
        - name: appId
          in: path
          type: string
          required: true
        - name: userId
          in: path
          type: string
          required: true
        - name: sendEmail
          in: query
          type: boolean
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-authenticators
      path: /api/v1/authenticators
      operations:
      - name: listauthenticators
        method: GET
        description: Okta Lists all available Authenticators
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: createauthenticator
        method: POST
        description: Okta Create an Authenticator
        inputParameters:
        - name: activate
          in: query
          type: boolean
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-authenticators-authenticatorid
      path: /api/v1/authenticators/{authenticatorId}
      operations:
      - name: getauthenticator
        method: GET
        description: Success
        inputParameters:
        - name: authenticatorId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: updateauthenticator
        method: PUT
        description: Okta Update Authenticator
        inputParameters:
        - name: authenticatorId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-authenticators-authenticatorid-lifecycle-
      path: /api/v1/authenticators/{authenticatorId}/lifecycle/activate
      operations:
      - name: activateauthenticator
        method: POST
        description: Success
        inputParameters:
        - name: authenticatorId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-authenticators-authenticatorid-lifecycle-
      path: /api/v1/authenticators/{authenticatorId}/lifecycle/deactivate
      operations:
      - name: deactivateauthenticator
        method: POST
        description: Success
        inputParameters:
        - name: authenticatorId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-authorizationservers
      path: /api/v1/authorizationServers
      operations:
      - name: listauthorizationservers
        method: GET
        description: Success
        inputParameters:
        - name: q
          in: query
          type: string
        - name: limit
          in: query
          type: string
        - name: after
          in: query
          type: string
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: createauthorizationserver
        method: POST
        description: Success
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-authorizationservers-authserverid
      path: /api/v1/authorizationServers/{authServerId}
      operations:
      - name: getauthorizationserver
        method: GET
        description: Success
        inputParameters:
        - name: authServerId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: updateauthorizationserver
        method: PUT
        description: Success
        inputParameters:
        - name: authServerId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: deleteauthorizationserver
        method: DELETE
        description: Success
        inputParameters:
        - name: authServerId
          in: path
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
  exposes:
  - type: rest
    port: 8080
    namespace: okta-rest
    description: REST adapter for Okta API.
    resources:
    - path: /api/v1/apps
      name: listapplications
      operations:
      - method: GET
        name: listapplications
        description: Okta List Applications
        call: okta.listapplications
        outputParameters:
        - type: object
          mapping: $.
    - path: /api/v1/apps
      name: createapplication
      operations:
      - method: POST
        name: createapplication
        description: Okta Add Application
        call: okta.createapplication
        outputParameters:
        - type: object
          mapping: $.
    - path: /api/v1/apps/{appId}
      name: getapplication
      operations:
      - method: GET
        name: getapplication
        description: Okta Get Application
        call: okta.getapplication
        with:
          appId: rest.appId
        outputParameters:
        - type: object
          mapping: $.
    - path: /api/v1/apps/{appId}
      name: updateapplication
      operations:
      - method: PUT
        name: updateapplication
        description: Okta Update Application
        call: okta.updateapplication
        with:
          appId: rest.appId
        outputParameters:
        - type: object
          mapping: $.
    - path: /api/v1/apps/{appId}
      name: deleteapplication
      operations:
      - method: DELETE
        name: deleteapplication
   

# --- truncated at 32 KB (86 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/okta/refs/heads/main/capabilities/okta-capability.yaml