See api-docs Menu

Create a Hook

Use this API to create a Hook function to extend a OneLogin workflow.

For example you might want to create conditional login flow that offers a different experience base on the device type and location of the authenticating user. For this you would create a pre-authentication hook containing the conditional function code.

See Hook Overview for more detail on the types of hooks available, the context object inserted into the hook function, and how to return from your hook function.


Resource URL

https://<subdomain>/api/2/hooks

Header Parameters

Authorization

required

string

Set to bearer <access_token>.

Set <access_token> to the access token you generated using the Generate Token API.

The access token must have been generated using an API credential pair created using the scope required to call this API. This API can be called using any one of the following scopes: Manage All.

In order to use Smart Hooks your API Credentials must be created after 21st October 2020.

Content-Type

required

string

Set to application/json.

Request Parameters

type

required

string

The type of hook function that will be created. Must be one of:

  • pre-authentication

See the Smart Hooks Overview for more detail on the types of hooks available, the context object inserted into the hook function, and how to return from your hook function.

disabled

required

boolean

Default true. Indicates if function is available for execution or not.

timeout

required

integer

Default 1. The number of seconds to allow the hook function to run before before timing out. Maximum timeout varies based on the type of hook. See overview for more details.

env_vars

required

array

An array of predefined environment variables to be supplied to the function at runtime.

runtime

required

string

The Node.js version to execute the hook function with.

context_version

optional

string

Defaults to latest version of context. Supports semantic versioning. e.g. >= 1.0.0"

Each type of Smart Hook has its own set of context versions. See the docs for the type of hook you are creating to get the desired version.

retries

required

integer

Default 0. Max 4. Number of retries if execution fails.

options

object

A set of attributes allow control over the information that is included in the hook context.

See the docs for each hook type to learn about which config options are available.

packages

required

object

A list of public npm packages than will be installed as part of the function build process. Packages can be any version and support the semantic versioning syntax used by NPM.

function

required

string

A base64 encoded string containing the javascript function code.

conditions

array

An array of objects that let you limit the execution of a hook to users in specific roles.

See the docs for each hook type to learn about which config options are available.

Sample Request

Create a Pre-Authentication hook with risk enabled, external NPM packages, and including environment variables.

{
  "type": "pre-authentication",
  "function": "",
  "disabled": false,
  "runtime": "nodejs",
  "retries": 0,
  "timeout": 1,
  "options": {
    "risk_enabled": true,
    "location_enabled": false,
    "mfa_device_info_enabled": true
  },
  "env_vars": [
    "API_KEY"
  ],
  "packages": {
    "axios": "0.21.1"
  },
  "conditions": [
    {
        "source": "roles",
        "operator": "~",
        "value": "123456"
    }
  ]
}

Sample Responses

{
  "id": "bcc59ea8-002c-4ef7-8002-742ce7cc1892",
  "type": "pre-authentication",
  "packages": {},
  "runtime": "nodejs",
  "retries": 0,
  "timeout": 1,
  "disabled": false,
  "status": "create-queued",
  "env_vars": [],
  "options": {
    "location_enabled": false,
    "risk_enabled": false,
    "mfa_device_info_enabled": false
  },
  "created_at": "2020-10-19T23:18:35.162Z",
  "updated_at": "2020-10-19T23:18:35.165Z",
  "function": "CmV4cG9ydHMuaGFuZGxlciA9IGFzeW5jIChjb250ZXh0KSA9PiB7CiAgICByZXR1cm4gewogICAgICAgIHVzZXI6IGNvbnRleHQudXNlcgogICAgfQp9Cg=="
}

Typically, this error means that your Authorization header value is missing or incorrectly formatted. The Authorization header value should use this format: bearer:<access_token>.

{
    "message": "Unauthorized",
    "statusCode": 401,
    "name": "UnauthorizedError"
}

You have tried to create another function for a hook that only allows a single one to be defined. For example you can only have a single pre-authentication hook defined.

{
    "name": "UnauthorizedError",
    "message": "The request requires user authentication."
}

You function is not base64 encoded.

{
    "name": "UnprocessableEntityError",
    "message": "instance.function does not match pattern \"^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$\""
}

Response Elements

The values sent in the original payload body will be returned along with the following additions.

id The Hook unique ID in OneLogin.
status String describing the state of the hook function. When a hook is ready and disabled is false it will be executed.
  • ready
  • create-queued
  • create-running
  • create-failed

Postman Collection

Replace sample variables indicated by {{ }} with your actual values.

Run in Postman

    Clicking Run in Postman button navigates to the page where you can fork the collection to your workspace. Forking the collection into your workspace will enable you to contribute to the source collection using pull requests. You can also view the collection in a public workspace if you like and even import a copy of the collection using the links present on the screen.

Sample Code

cURL

Replace sample values indicated by < > with your actual values.

Create Hook

curl 'https://<subdomain>/api/2/hooks' \
-X POST \
-H "Authorization: bearer <access_token>" \
-H "Content-Type: application/json" \
-d '{
  "type": "pre-authentication",
  "function": "CmV4cG9ydHMuaGFuZGxlciA9IGFzeW5jIChjb250ZXh0KSA9PiB7CiAgICBjb25zb2xlLmxvZyhjb250ZXh0KQogICAgcmV0dXJuIHsKICAgICAgICB1c2VyOiBjb250ZXh0LnVzZXIKICAgIH0KfQo=",
  "disabled": false,
  "runtime": "nodejs",
  "retries": 0,
  "timeout": 1,
  "env_vars": [
  ],
  "packages": {
  },
  "conditions": [
    {
        "source": "roles",
        "operator": "~",
        "value": "123456"
    }
  ]
}'

Have a Question?

Found a problem or a bug? Submit a support ticket.

Looking for walkthroughs or how-to guides on OneLogin's user and admin features? Check out the documentation in our Knowledge Base.

Have a product idea or request? Share it with us in our Ideas Portal.