See api-docs Menu

Dev Overview of API /1

Welcome to the latest version of the OneLogin Cloud Directory API: version/1. All new development should use this version of the API.

API version /1 is based on RESTful principles, is secured by OAuth 2.0, and provides JSON messages, search, pagination, sorting, and filtering.


User Resource

Get Users

Get User by ID

Get Apps for a User

Get Roles Assigned to a User

Get Custom Attribute Fields

Create User

Delegate Authentication

Update User

Assign Roles to a User

Remove Roles for a User

Set Password Using Cleartext

Set Password Using SHA-256

Set Custom Attribute Values for a User

Log User Out

Lock User Account

Delete User

Custom Login Pages

Log in User via API

Create Session Login Token

Verify Factor

Session Via API Token

OAuth 2.0 Tokens

Generate Tokens

Refresh Tokens

Revoke Tokens

Get Rate Limit

SAML Assertions

Generate SAML Assertion

Verify Factor


Get Roles

Get Role by ID


Event Resource and Types

Get Events

Get Event by ID

Create Event


Get Groups

Get Group by ID


Generate Invite Link

Send Invite Link

Embed Apps

Embed Apps

Have a Question?

Have a how-to question? Seeing a weird error? Ask us about it on StackOverflow.

Found a bug? Submit a support ticket.

Have a product idea or request? Share it with us in our Ideas Portal.

StackOverflow discussions about "[onelogin] api"

  • 6

    A: OneLogin REST API with PowerShell's Invoke-RestMethod

    Answered Sep 05 2016

    saved to `$global:helpme" break } Then, wrap all of your Invoke-RestMethod calls in a try Catch block like this. try { $e = Invoke-WebRequest '$id … , as you found in fiddler. With those two changes, here's my request and the response $Splat = @{ Method = 'PUT' Uri = ' …

  • 4

    Q: AWS API credentials with OneLogin SAML and MFA

    Asked Oct 30 2016

    to fully re-authenticate to OneLogin (including MFA) every 60 minutes as the AWS temporary credentials expire. I think that won't fly - our users are accustomed to permanent API credentials tied … We want to allow our users to retrieve a set of temporary CLI credentials for a given AWS role by signing in to OneLogin with password and MFA. We have a working solution, but it requires the user …

  • 2

    A: Refresh token is valid for 45 days in oneLogin

    Answered Aug 17 2016

    Nope. Refresh token lifespan is measured from when it gets created. If you create a new one via refresh it'll 'live' for 45 days. The allows you to hold on to the tokens and still be able to make a n …

  • 2

    Q: OneLogin REST API with PowerShell's Invoke-RestMethod

    Asked Sep 04 2016

    I'm working against the OneLogin REST API and can't seem to get any calls with a PUT method working. When I test in Postman, I can pass a raw JSON body like this: { "role_id_array … ": [ 115028 ] } to the endpoint: This works just fine. However, when I attempt to do the same with PowerShell's …

  • 2

    Q: How to use onelogin SSO with AngularJS?

    Asked Jun 20 2016

    questions: 1> Onelogin is using SAML instead of OpenID Connect. I am not asking what's the difference between these two, but what is recommended since everyone is moving towards OpenID Connect? 2> Does Onelogin supports AngularJS? I don't see any documentation for onelogin API with AngularJS & Node See Here … I was looking into Onelogin for SSO. We have applications written in .NET, AngularJS + Node. None of these applications are mobile applications. After going through their documentation I have few …