Okta API: Postman – Invalid Session Error

Working with the Okta API, an API key can be used to authenticate calls. One would assume that the API key would be specified in Postman’s “Authorization” tab, but nope.

For some inscrutable reason, when using the standard Authorization API Key method in Postman, the following cryptic error message is excreted:

{ "errorCode": "E0000005", "errorSummary": "Invalid session", "errorLink": "E0000005", "errorId": "oa...BQ", "errorCauses": []}

This error message is… not particularly helpful, and neither the Okta docs nor Googling produces helpful clues as to the problem cause.

As it turns out, the solution is to set Authorization to "No Auth", and add a Header named Authorization with the value of "SSWS {{apikey}}", where {{apikey}} is the value of an API Token generated using the https://yourorg.okta.com/admin/access/api/tokens page.

I’m sure I’m just Holding It Wrong, but this configuration system really makes no sense to me. So, there you have it, I hope this posts saves some poor soul in the future.