See api-docs Menu

Authorizing Resource API Calls

Get API Credentials

To call any of our resource APIs, start by getting an API credential pair, which consists of a client ID and client secret.

Generate an Access Token

Use the API credentials to generate an access token (and refresh token).

Use the access token to authorize calls to resource APIs. For details about providing the access token in a resource API call, see the API doc for the call you want to make.

An access token is valid for 10 hours. Once an access token has expired, it will no longer work for authorizing resource API calls and you’ll start receiving 401 Unauthorized errors, such as the one shown here:

    "status": {
      "error": true,
      "code": 401,
      "type": "Unauthorized",
      "message": "Authentication Failure"

To avoid errors, refresh the token or generate a new one before the token expires.

Refresh Tokens

You can refresh a set of tokens using the access token and refresh token pair that you want to refresh.

Important: Refreshing an access token will provide a new set of access and refresh tokens. The token pair that you used to make the Refresh Tokens API call will no longer work.

Revoke Tokens

You can revoke a set of tokens using the access token you want to revoke and the API credential pair used to generate the access token.

Important: Revoking an access token means that the access token and its associated refresh token will no longer work.

Have a Question?

Found a problem or a bug? Submit a support ticket.

Looking for walkthroughs or how-to guides on OneLogin's user and admin features? Check out the documentation in our Knowledge Base.

Have a product idea or request? Share it with us in our Ideas Portal.