How to fetch users from Okta using JavaScript

Editor's note: This article is part of a series on building third-party API integrations. Explore Merge if you’re looking to add 180+ integrations across HR, SCIM, payroll, ATS, CRM, accounting, ticketing, marketing automation, and file storage with one unified API.

Okta is a robust and flexible access management tool that offers identity management services. It serves as a consolidated platform for managing employees' identities, encompassing single sign-on, multi-factor authentication, and lifecycle management features. Furthermore, its ability to integrate smoothly with various applications streamlines the HR process and boosts productivity by automating user management tasks.

Integrations with Okta often require pulling user data to other platforms for use cases like auto-provisioning, org chart management, etc. Integrations like these can oftentimes enhance the system's security and efficiency, among other benefits.

In this article, we'll walk through how you can build an integration with Okta by successfully authenticating and fetching users using JavaScript!


Okta API authentication configuration

When interacting with the Okta API, it's crucial to apply the correct authentication configuration. Okta supports multiple types of authentication, but we will walk through how to make an API request using Basic Authentication.

The format of the Authorization header for Okta should be <code class="blog_inline-code">Authorization: SSWS {API-KEY}</code>.

Replace <code class="blog_inline-code">{API-KEY}</code> with your actual Okta API key. This API key is a unique identifier that allows you to communicate securely with the Okta API. It's important to keep your API key confidential to protect the security and integrity of your data. If you need help finding your API key, we have a help center article with instructions on how to find it.

Remember, every request to the Okta API must include this Authorization header -- failure to include it could result in your requests being denied.

Fetching users from Okta

Below is sample JavaScript code that uses <code class="blog_inline-code">fetch</code> to pull users from the Okta API. Remember to replace <code class="blog_inline-code">your-okta-domain</code> and <code class="blog_inline-code">your-api-key</code> with your actual Okta domain and API key. This script fetches users from the Okta API page by page, following the <code class="blog_inline-code">next</code> URL in each response's Link header until no <code class="blog_inline-code">next</code> URL is found, which indicates that it has reached the last page of users.

```javascript
const DOMAIN = 'your-okta-domain';
const API_KEY = 'your-api-key';

async function fetchUsers(url) {
    let users = [];
    let nextUrl = url;

    while (nextUrl) {
        const response = await fetch(nextUrl, {
            method: 'GET',
            headers: {
                'Accept': 'application/json',
                'Content-Type': 'application/json',
                'Authorization': `SSWS ${API_KEY}`
            }
        });

        if (!response.ok) {
            throw new Error('HTTP error ' + response.status);
        }

        const data = await response.json();
        users = users.concat(data);

        // Look for the 'next' link in the Link header
        const linkHeader = response.headers.get('Link') || '';
        const nextLink = linkHeader.split(',').find(s => s.includes('rel="next"'));

        // If found, prepare the URL for the next round
        if (nextLink) {
            // Entries after a comma start with a space, so trim before
            // stripping the surrounding angle brackets
            nextUrl = nextLink.split(';')[0].trim().slice(1, -1);
        } else {
            nextUrl = null; // End while loop when no 'next' link is found
        }
    }

    return users;
}

// Start fetching users
fetchUsers(`https://${DOMAIN}/api/v1/users`)
    .then(users => console.log(users))
    .catch(error => console.error(error));
```

Once you have successfully made a request, you should see the list of Users from Okta as the output.

```json
[
  {
    "id": "00ub0oNGTSWTBKOLGLNR",
    "status": "ACTIVE",
    "created": "2013-06-24T16:39:18.000Z",
    "activated": "2013-06-24T16:39:19.000Z",
    "statusChanged": "2013-06-24T16:39:19.000Z",
    "lastLogin": "2013-06-24T17:39:19.000Z",
    "lastUpdated": "2013-07-02T21:36:25.344Z",
    "passwordChanged": "2013-07-02T21:36:25.344Z",
    "profile": {
      "firstName": "Isaac",
      "lastName": "Brock",
      "email": "isaac.brock@example.com",
      "login": "isaac.brock@example.com",
      "mobilePhone": "555-415-1337"
    },
    "credentials": {
      "password": {},
      "recovery_question": {
        "question": "Who's a major player in the cowboy scene?"
      },
      "provider": {
        "type": "OKTA",
        "name": "OKTA"
      }
    },
    "_links": {
      "self": {
        "href": "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR"
      }
    }
  }
]
```
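The pagination loop shown earlier attaches the SSWS token to whatever URL the Link header names. The following added example (not part of the original article) parses the header, requires the next URL to be https on the configured Okta origin before following it, and reads the token from the environment. The names <code class="blog_inline-code">OKTA_DOMAIN</code>, <code class="blog_inline-code">OKTA_API_TOKEN</code>, the helper functions and the injectable <code class="blog_inline-code">fetchImpl</code> parameter are assumptions made for illustration.

```javascript
// Added example, not from the original article.
// Extract the rel="next" target from a Link header value, or null if absent.
function parseNextLink(linkHeader) {
    for (const [, target, params] of (linkHeader || '').matchAll(/<([^>]+)>([^<]*)/g)) {
        const rel = params.match(/;\s*rel\s*=\s*"?([^";,]*)"?/i);
        if (rel && rel[1].toLowerCase().split(/\s+/).includes('next')) {
            return target;
        }
    }
    return null;
}

// Resolve the next-page URL and require https on the same origin as the
// configured Okta base URL, so the SSWS token is only sent to that host.
function safeNextUrl(linkHeader, baseUrl) {
    const target = parseNextLink(linkHeader);
    if (target === null) return null;
    const base = new URL(baseUrl);
    const next = new URL(target, base); // relative targets resolve against base
    if (next.protocol !== 'https:' || next.origin !== base.origin) {
        throw new Error(`Refusing to follow next link to ${next.origin}`);
    }
    return next.href;
}

// fetchImpl is injectable (assumption) so the loop can be exercised with a stub.
async function fetchAllUsers(baseUrl, apiToken, fetchImpl = fetch, maxPages = 1000) {
    const users = [];
    let url = new URL('/api/v1/users', baseUrl).href;
    for (let page = 0; url; page++) {
        if (page >= maxPages) throw new Error('Page limit reached');
        const response = await fetchImpl(url, {
            headers: { Accept: 'application/json', Authorization: `SSWS ${apiToken}` },
            redirect: 'error' // fail on redirects instead of following them
        });
        if (!response.ok) throw new Error('HTTP error ' + response.status);
        users.push(...await response.json());
        url = safeNextUrl(response.headers.get('Link'), baseUrl);
    }
    return users;
}

// Assumed environment variable names; the token stays out of source control.
const { OKTA_DOMAIN, OKTA_API_TOKEN } = process.env;
if (OKTA_DOMAIN && OKTA_API_TOKEN) {
    fetchAllUsers(`https://${OKTA_DOMAIN}`, OKTA_API_TOKEN)
        .then(users => console.log(`Fetched ${users.length} users`))
        .catch(error => console.error(error.message));
}
```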

Conclusion

Congratulations! You have now successfully authenticated and fetched users from Okta with JavaScript!

But what happens when Okta is merely one among many integrations that your team must develop and sustain, and your next customer asks you for a JumpCloud, Azure Active Directory or OneLogin integration?

This is where a Unified API, such as Merge, comes into play. At Merge, we’ve built an API that lets you easily integrate once to offer 40+ HRIS, SCIM and Payroll integrations. Our Unified API has also normalized response bodies, pagination and authentication.

You can learn more about Merge by scheduling a demo with one of our integration experts.