> ## Documentation Index
> Fetch the complete documentation index at: https://bloodhound.specterops.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Okta_ApiServiceIntegration

> An API service integration

<img noZoom src="https://mintcdn.com/specterops/tTIczgde9H07oLXf/assets/enterprise-AND-community-edition-pill-tag.svg?fit=max&auto=format&n=tTIczgde9H07oLXf&q=85&s=ad49a576589f4d2a8081df77d07fdf56" alt="Applies to BloodHound Enterprise and CE" width="482" height="45" data-path="assets/enterprise-AND-community-edition-pill-tag.svg" />

## Overview

API service integrations in Okta represent OAuth 2.0 service (daemon) applications that can be granted machine-to-machine access to Okta APIs. There are some important differences between API service integrations and [regular OIDC service applications in Okta](/opengraph/extensions/okta/nodes/okta_application):

| Feature                                      | Service Applications | API Service Integrations |
| -------------------------------------------- | -------------------- | ------------------------ |
| Can be created manually:                     | ✅                    | ❌                        |
| Can be added from the OIN Catalog:           | ✅                    | ✅                        |
| Require role assignments:                    | ✅                    | ❌                        |
| Support authentication using client secrets: | ✅                    | ✅                        |
| Support authentication using private keys:   | ✅                    | ❌                        |
| Admins can read cleartext client secrets:    | ✅                    | ❌                        |

API service integrations are represented as Okta\_ApiServiceIntegration nodes in BloodHound.

## Edges

<Note>
  The tables below list edges defined by the Okta extension only. Additional edges to or from this node may be created by other extensions.
</Note>

### Inbound Edges

| Edge Type                                                                              | Source Node Types                                                                                                                                                                                                            | Traversable |
| -------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- |
| [Okta\_AppAdmin](/opengraph/extensions/okta/edges/okta_appadmin)                       | [Okta\_User](/opengraph/extensions/okta/nodes/okta_user), [Okta\_Group](/opengraph/extensions/okta/nodes/okta_group), [Okta\_Application](/opengraph/extensions/okta/nodes/okta_application)                                 | ✅           |
| [Okta\_Contains](/opengraph/extensions/okta/edges/okta_contains)                       | [Okta\_Organization](/opengraph/extensions/okta/nodes/okta_organization)                                                                                                                                                     | ✅           |
| [Okta\_CreatorOf](/opengraph/extensions/okta/edges/okta_creatorof)                     | [Okta\_User](/opengraph/extensions/okta/nodes/okta_user), [Okta\_Application](/opengraph/extensions/okta/nodes/okta_application), [Okta\_ApiServiceIntegration](/opengraph/extensions/okta/nodes/okta_apiserviceintegration) | ❌           |
| [Okta\_ResourceSetContains](/opengraph/extensions/okta/edges/okta_resourcesetcontains) | [Okta\_ResourceSet](/opengraph/extensions/okta/nodes/okta_resourceset)                                                                                                                                                       | ✅           |
| [Okta\_ScopedTo](/opengraph/extensions/okta/edges/okta_scopedto)                       | [Okta\_RoleAssignment](/opengraph/extensions/okta/nodes/okta_roleassignment)                                                                                                                                                 | ❌           |
| [Okta\_SecretOf](/opengraph/extensions/okta/edges/okta_secretof)                       | [Okta\_ClientSecret](/opengraph/extensions/okta/nodes/okta_clientsecret)                                                                                                                                                     | ✅           |

### Outbound Edges

| Edge Type                                                          | Destination Node Types                                                                     | Traversable |
| ------------------------------------------------------------------ | ------------------------------------------------------------------------------------------ | ----------- |
| [Okta\_CreatorOf](/opengraph/extensions/okta/edges/okta_creatorof) | [Okta\_ApiServiceIntegration](/opengraph/extensions/okta/nodes/okta_apiserviceintegration) | ❌           |

## Properties

| Name          | Source                      | Type       | Description                                            |
| ------------- | --------------------------- | ---------- | ------------------------------------------------------ |
| `id`          | `service.id`                | `string`   | Unique API service integration identifier.             |
| `name`        | `service.name`              | `string`   | Name of the API service integration in Okta.           |
| `displayName` | `service.name`              | `string`   | Display label used in BloodHound.                      |
| `oktaDomain`  | Collector context (non-API) | `string`   | Okta organization domain where the integration exists. |
| `appType`     | `service.type`              | `string`   | Integration/application type identifier.               |
| `oauthScopes` | `service.grantedScopes`     | `string[]` | OAuth 2.0 scopes granted to the integration.           |
| `createdAt`   | `service.createdAt`         | `datetime` | Timestamp when the integration was created.            |

## Sample Property Values

```yaml theme={null}
id: 0oaz7jy5f2oXnvtmN697
name: Falcon Shield
displayName: Falcon Shield
oktaDomain: contoso.okta.com
appType: falconshieldapiservice
oauthScopes:
  - okta.users.read
  - okta.oauthIntegrations.read
  - okta.threatInsights.read
  - okta.devices.read
  - okta.apiTokens.read
  - okta.roles.read
  - okta.logs.read
  - okta.groups.read
  - okta.apps.read
  - okta.domains.read
  - okta.factors.read
  - okta.authenticators.read
  - okta.policies.read
  - okta.networkZones.read
  - okta.features.read
createdAt: 2026-01-15T12:25:42.000Z
```

## Integration OAuth 2.0 Scopes

Each API service integration comes with a pre-defined set of OAuth 2.0 scopes to access Okta APIs:

<img src="https://mintcdn.com/specterops/vLZ2lUIRm_HibFmq/images/extensions/okta/bloodhound-api-service-integration-scopes.png?fit=max&auto=format&n=vLZ2lUIRm_HibFmq&q=85&s=c38b6c92ba43e3f505022c9869cd1262" alt="Okta API service integration scopes in BloodHound" width="1287" height="1362" data-path="images/extensions/okta/bloodhound-api-service-integration-scopes.png" />