Skip to main content

How to get your API keys

This section will illustrate how to get your Okta FGA API keys to call the API.

Before you start

You must have an Okta FGA account. You can sign up for one on the Okta FGA dashboard.

Step by Step

When using the Okta FGA SDKs or calling the API you will need:

  • A Store ID
  • A Client ID (not needed for the Playground environment)
  • A Client Secret (not needed for the Playground environment)

In order to get your Store ID and your API keys, follow the steps below:

Management Dashboard (DCP)

01. Settings page

To obtain your API keys, select "Settings" from the Dashboard's sidebar menu.

Image showing Okta FGA settings page

02. Setting relevant environment variables

API_URLAPI_AUDIENCEAPI_TOKEN_ISSUER
UShttps://api.us1.fga.devhttps://api.us1.fga.dev/fga.us.auth0.com
EUhttps://api.eu1.fga.devhttps://api.eu1.fga.dev/fga.us.auth0.com
Australiahttps://api.au1.fga.devhttps://api.au1.fga.dev/fga.us.auth0.com

03. Obtain store ID

The Store ID is available in the Store Settings section. Store this value in FGA_STORE_ID environment variable.

Image showing Okta FGA settings page

04. Create credentials and obtain client secret

  1. If you do not have the client secret, you will be presented with the Create Credentials button. Click this Create Credentials button. Otherwise if you already have the client secret, you may proceed to Step 05. Obtain client ID.

    Image showing Okta FGA settings page click create credential

  2. Enter the credential name in the provided text box. This credential name is used to easily identify your credentials in the future. Click Submit button when done.

    Image showing Okta FGA credential name page

  3. A popup window will be presented with the client secret in the Secret text box. Copy this value and store it in the FGA_CLIENT_SECRET environment variable. Click Confirm once you have saved this value in a secure location.

    Image showing Okta FGA credential secret popup

note

The client secret will need to be regenerated by clicking the if it is lost or compromised in any way.

05. Obtain client ID

Once the client secret is generated, the client ID is available in the API Credentials panel's ID text box. Save this value in the FGA_CLIENT_ID environment variable.

Image showing Okta FGA client ID

06. Obtain bearer token

If the API is to be invoked via the API Docs viewer or directly instead of through SDKs, you will need to obtain access token for use in later steps:

# Not needed when calling the Playground API
curl -X POST \
https://fga.us.auth0.com/oauth/token \
-H 'content-type: application/json' \
-d '{"client_id":"'$FGA_CLIENT_ID'","client_secret":"'$FGA_CLIENT_SECRET'","audience":"https://api.us1.fga.dev/","grant_type":"client_credentials"}'

# The response will be returned in the form
# {
# "access_token": "eyJ...Ggg",
# "expires_in": 86400,
# "scope": "read:tuples write:tuples check:tuples ... write:authorization-models",
# "token_type": "Bearer"
# }
# Store this `access_token` value in environment variable `FGA_BEARER_TOKEN`

FGA_SERVER_URL = 'https://api.us1.fga.dev/' // 'https://api.eu1.fga.dev/' for EU and 'https://api.au1.fga.dev/' for AU
Okta FGA Dashboard

Introduction to the Okta FGA Dashboard.

Have Feedback?

You can use any of our support channels for any questions or suggestions you may have.