API Key

API keys are essential for integrating Okto into your application. They authenticate your requests and associate them with your Okto Dashboard account. This guide will help you locate, generate, and manage your API keys safely.

App ID

The App ID is a unique identifier for your application and for you as a Vendor. It associates your Okto client with this specific app in our system.

Steps to Access App ID

  1. Log in to the Okto Dashboard.

  2. Navigate to the API Keys section from the sidebar menu.

API Page - Okto Dashboard

  3. Locate the App ID displayed at the top of the API Keys page.

  4. Click the Copy button to copy the App ID to your clipboard.


App Secret

The App Secret is a confidential key used to authenticate your API requests. Keep this secret secure and never share it publicly or include it in client-side code.

Note

The App ID, which is also shown on the API Keys page, is a different value. It is a public unique ID, whereas the App Secret is the actual key you need to download and keep safe. You can use this key to access all SDK and client-side APIs.

Steps to Access App Secret

  1. Log in to the Okto Dashboard.

  2. Navigate to the API Keys section from the sidebar menu.

API Key - Okto Dashboard

  3. Click the Get App Secret button. You may be prompted to re-authenticate.

  4. Once revealed, copy and securely store the App Secret.

Note

  • App ID and App Secret pairs are unique for each environment (e.g., sandbox, production).
  • Ensure you're using the correct pair for the environment you're working in.
  • Okto does not store your API secret, so keep it safe and secret.

Storing App Secret

  • How Okto stores it: Okto does not store any vendor's API secret. If it is lost, you can reset the key.
  • How you should store it:
    • Use environment variables or secure secret management systems.
    • Never hardcode the secret in your application code.
    • Avoid storing it in version control systems.
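
One way to apply these storage rules in a Node.js backend, as an added example that is not Okto's own code: load the App ID and App Secret pair for a single environment from environment variables, and refuse to start if the pair is incomplete or the secret has been copied into a variable that bundlers ship to the browser. The names OKTO_ENV, OKTO_<ENV>_APP_ID, OKTO_<ENV>_APP_SECRET and loadOktoCredentials are assumptions made for this example.

```javascript
// Added example. The variable names OKTO_ENV, OKTO_<ENV>_APP_ID and
// OKTO_<ENV>_APP_SECRET are assumptions for illustration, not names defined by Okto.
const ENVIRONMENTS = ['sandbox', 'production'];

// Prefixes that Next.js, Vite and Create React App inline into browser bundles.
const CLIENT_PREFIXES = ['NEXT_PUBLIC_', 'VITE_', 'REACT_APP_'];

function loadOktoCredentials(env = process.env) {
  const target = (env.OKTO_ENV || '').toLowerCase();
  if (!ENVIRONMENTS.includes(target)) {
    throw new Error(`OKTO_ENV must be one of: ${ENVIRONMENTS.join(', ')}`);
  }

  // Read only the pair that belongs to the selected environment,
  // so a sandbox ID can never be combined with a production secret.
  const prefix = `OKTO_${target.toUpperCase()}_`;
  const appId = env[`${prefix}APP_ID`];
  const appSecret = env[`${prefix}APP_SECRET`];
  if (!appId || !appSecret) {
    throw new Error(`Missing ${prefix}APP_ID or ${prefix}APP_SECRET`);
  }

  // Fail closed if the secret value also sits in a client-exposed variable.
  for (const [name, value] of Object.entries(env)) {
    if (CLIENT_PREFIXES.some((p) => name.startsWith(p)) && value === appSecret) {
      throw new Error(`App Secret is exposed to client code via ${name}`);
    }
  }

  const creds = { environment: target, appId };
  // Non-enumerable: skipped by JSON.stringify, console.log and object spread,
  // so the secret does not leak into logs or serialized error reports.
  Object.defineProperty(creds, 'appSecret', { value: appSecret, enumerable: false });
  return Object.freeze(creds);
}
```

Call loadOktoCredentials() once at server start-up and pass the returned object to the code that signs or sends requests; the error messages name the offending variable but never print the secret itself.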

Reset App Secret

If you lose your App Secret or suspect unauthorized use:

  1. Go to the API Keys section on the dashboard.

API Secret - Okto Dashboard

  2. Click the Reset button next to the App Secret field.

  3. A new App Secret will be generated. Copy the App Secret and store it securely.

  4. Update all your applications with the new secret to avoid service disruption.

Note

  • If someone obtains your App ID and App Secret, they could potentially make unauthorized requests on behalf of your application.
  • In case of a suspected breach, immediately regenerate your App Secret and update your applications.

FAQ

1. What is the difference between App ID and App Secret for Vendors?

  • App ID: A public identifier for your application used to associate your client with Okto.

  • App Secret: A private key used to authenticate requests from your application to Okto's servers. It is also referred to as OKTO API KEY in the docs.

2. How do I know which environment (sandbox/production) my API keys belong to?

Each environment’s keys are managed separately. Ensure the environment is indicated in your dashboard (e.g., "Sandbox" or "Production") before copying your keys.

3. What should I do if I accidentally expose my App Secret?

Immediately reset your App Secret through the dashboard and update it in your applications to prevent unauthorized access.
