See api-docs Menu

Authorizing Resource API Calls

Get API Credentials

To call any of our resource APIs, start by getting an API credential pair, which consists of a client ID and client secret.

Generate an Access Token

Use the API credentials to generate an access token (and refresh token).

Use the access token to authorize calls to resource APIs. For details about providing the access token in a resource API call, see the API doc for the call you want to make.

An access token is valid for 10 hours. Once an access token has expired, it will no longer work for authorizing resource API calls and you’ll start receiving 401 Unauthorized errors, such as the one shown here:

    "status": {
      "error": true,
      "code": 401,
      "type": "Unauthorized",
      "message": "Authentication Failure"

To avoid errors, generate a new token before the token expires.

Revoke Tokens

You can revoke a set of tokens using the access token you want to revoke and the API credential pair used to generate the access token.

Important: Revoking an access token means that the access token and its associated refresh token will no longer work.

Have a Question?

Found a problem or a bug? Submit a support ticket.

Looking for walkthroughs or how-to guides on OneLogin's user and admin features? Check out the documentation in our Knowledge Base.

Have a product idea or request? Share it with us in our Ideas Portal.