
Create Rule

Use this API to create a new App Rule.

Resource URL

https://<subdomain>/api/2/apps/:app_id/rules

Header Parameters

Authorization

required

string

Set to bearer <access_token>.

Set <access_token> to the access token you generated using the Generate Token API.

The access token must have been generated using an API credential pair created using the scope required to call this API. This API can be called using any one of the following scopes: Manage All.

Content-Type

required

string

Set to application/json.

Request Parameters

app_id

required

integer

The id of the application to which the rules apply.

name

required

string

The name of the rule.

enabled

required

boolean

Indicates whether the rule is enabled.

match

required

string

Indicates how conditions should be matched.
  • all - Match all conditions
  • any - Match any condition

position

required

integer

Indicates the order of the rule. When `null`, this defaults to the last position.

conditions

required

array

An array of conditions that the user must meet in order for the rule to be applied.
  • source - The source field to check. See List Conditions for possible values.
  • operator - A valid operator for the selected condition source. See List Condition Operators for possible values.
  • value - A plain text string or valid value for the selected condition source. See List Condition Values for possible values.

actions

required

array

An array of actions that will be applied to the users that are matched by the conditions.
  • action - The action to apply. See List Actions for possible values.
  • value - An array of strings. Only applicable to provisioned and set_* actions. Items in the array will be a plain text string or valid value for the selected action. See List Action Values for possible values. In most cases only a single item will be accepted in the array.
  • expression - A regular expression to extract a value. Applies to provisionable, multi-selects, and string actions.
  • scriplet - A hash containing scriptlet code that returns a value. Scriptlets cannot be modified and the same hash should not be applied to other applications.
  • macro - A template to construct a value. Applies to default, string, and list actions.

Sample Request Body

With a standard action

{
    "name": "My Second Rule",
    "match": "all",
    "enabled": true,
    "position": null,
    "conditions": [
        {
            "source": "last_login",
            "operator": ">",
            "value": "90"
        }
    ],
    "actions": [
        {
            "action": "set_status",
            "value": ["2"]
        }
    ]
}

Using an expression in an action

{
    "name": "My Second Rule",
    "match": "all",
    "enabled": true,
    "position": null,
    "conditions": [
        {
            "source": "has_role",
            "operator": "ri",
            "value": "123456"
        }
    ],
    "actions": [
        {
            "action": "set_groups",
            "value": ["member_of"],
            "expression": "/.*/"
        }
    ]
}

With a scriplet action

{
    "name": "My Second Rule",
    "match": "all",
    "enabled": true,
    "position": null,
    "conditions": [
        {
            "source": "last_login",
            "operator": ">",
            "value": "90"
        }
    ],
    "actions": [
        {
            "action": "set_filteredgroups",
            "scriplet": "4a77bdeb87652d78db...."
        }
    ]
}

Sample Responses

{
    "id": 1022743
}

Typically, this error means that your access token value is invalid.

{
    "message": "Unauthorized",
    "statusCode": 401,
    "name": "UnauthorizedError"
}

A required field is missing

{
    "code": 422,
    "message": "Validation Failed",
    "errors": [
        {
            "field": "enabled",
            "message": [
                "Required field is missing"
            ]
        }
    ]
}

An invalid condition value was supplied

{
    "code": 422,
    "message": "Validation Failed",
    "errors": [
        {
            "field": "conditions.[0].value",
            "message": [
                "Invalid condition value: 12345"
            ]
        }
    ]
}

Response Elements

id

New App Rule ID.

Postman Collection

Run In Postman

The App Rules API Postman Collections are nested in the Apps API Collection folder in the Rules folder.

Clicking the Run in Postman button takes you to a page where you can fork the collection to your workspace. Forking the collection into your workspace lets you contribute to the source collection using pull requests. You can also view the collection in a public workspace and import a copy of the collection using the links on that page.

Sample Code

cURL

Replace sample values indicated by < > with your actual values.

Create a Rule

curl 'https://<subdomain>/api/2/apps/<app_id>/rules' \
-X POST \
-H "Authorization: bearer <access_token>" \
-H "Content-Type: application/json" \
-d '{
    "name": "My Second Rule",
    "match": "all",
    "enabled": true,
    "position": null,
    "conditions": [
        {
            "source": "last_login",
            "operator": ">",
            "value": "90"
        }
    ],
    "actions": [
        {
            "action": "set_status",
            "value": ["2"]
        }
    ]
}'
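
Because app rules change user status, groups and provisioning, it is worth checking a rule body locally before it is sent. The following is an added example, not OneLogin's code: it validates a body against the parameter shapes documented above and builds (without sending) the POST request. The function names `validate_rule` and `build_request` are hypothetical, the error messages other than "Required field is missing" are local wording rather than the API's, and requiring all three keys in each condition is an assumption.

```python
import json
import urllib.request

REQUIRED = ("name", "enabled", "match", "position", "conditions", "actions")

def _items(rule, key, errors):
    """Return rule[key] if it is a list of objects, else record an error."""
    value = rule.get(key, [])
    if isinstance(value, list) and all(isinstance(v, dict) for v in value):
        return value
    errors.append({"field": key, "message": ["Must be an array of objects"]})
    return []

def validate_rule(rule):
    """Return errors shaped like the 422 body; messages are local, not the API's."""
    errors = []
    def err(field, msg):
        errors.append({"field": field, "message": [msg]})
    for key in REQUIRED:
        if key not in rule:
            err(key, "Required field is missing")
    if not isinstance(rule.get("enabled", True), bool):
        err("enabled", "Must be a boolean")
    if rule.get("match", "all") not in ("all", "any"):
        err("match", "Must be 'all' or 'any'")
    pos = rule.get("position")
    if pos is not None and (isinstance(pos, bool) or not isinstance(pos, int)):
        err("position", "Must be an integer or null")
    for i, cond in enumerate(_items(rule, "conditions", errors)):
        for key in ("source", "operator", "value"):  # assumed all required
            if key not in cond:
                err(f"conditions.[{i}].{key}", "Required field is missing")
    for i, act in enumerate(_items(rule, "actions", errors)):
        if not isinstance(act.get("action"), str):
            err(f"actions.[{i}].action", "Must be a string")
        val = act.get("value", [])  # optional: scriplet actions carry no value
        if not (isinstance(val, list) and all(isinstance(v, str) for v in val)):
            err(f"actions.[{i}].value", "Must be an array of strings")
    return errors

def build_request(subdomain, app_id, token, rule):
    """Build, but do not send, the POST; refuse bodies that fail validation."""
    errors = validate_rule(rule)
    if errors:
        raise ValueError(json.dumps(errors))
    return urllib.request.Request(
        f"https://{subdomain}/api/2/apps/{int(app_id)}/rules",
        data=json.dumps(rule).encode(), method="POST",
        headers={"Authorization": f"bearer {token}", "Content-Type": "application/json"})
```

Pass the returned object to `urllib.request.urlopen` to send it; a body with `"value": "2"` instead of `["2"]` is rejected locally with the field path `actions.[0].value`.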
