See api-docs Menu

List Hooks

Early Preview

This API is in early preview and may be subject to change. Please complete this form to register for early access.

Use this API to return a list of all Smart Hooks that have been created in a OneLogin account.

Resource URL


Header Parameters




Set to bearer <access_token>.

Set <access_token> to the access token you generated using the Generate Token API.

The access token must have been generated using an API credential pair created using the scope required to call this API. This API can be called using any one of the following scopes: Manage All.

In order to use Smart Hooks your API Credentials must be created after 21st October 2020.

Query Parameters

Standard pagination is supported. Max page limit is 1000. See Pagination for detail on how this works.

Sample Responses

        "id": "d360aded-6063-4c60-8add-45f32772ff71",
        "type": "pre-authentication",
        "packages": {
          "ua-parser-js": "0.7.21"
        "runtime": "nodejs12.x",
        "context_version": ">= 1.0.0",
        "retries": 0,
        "timeout": 1,
        "disabled": false,
        "status": "ready",
        "env_vars": [
        "risk_enabled": false,
        "location_enabled": true,
        "mfa_device_info_enabled": false,
        "created_at": "2020-10-14T01:54:59.976Z",
        "updated_at": "2020-10-16T17:28:45.970Z"

Typically, this error means that your access token value is invalid.

    "name": "UnauthorizedError",
    "message": "The request requires user authentication."

Response Elements

id The Hook unique ID in OneLogin.
type A string describing the type of hook. e.g. `pre-authentication`
packages An object containing NPM packages that are bundled with the hook function.
runtime The Smart Hooks supported Node.js version to execute this hook with.
context_version The semantic version of the content that will be injected into this hook.
retries Default 0. Max 4. Number of retries if execution fails.
timeout Default 1. The number of seconds to allow the hook function to run before before timing out. Maximum timeout varies based on the type of hook. See overview for more details.
disabled Boolean to enable or disable the hook. Disabled hooks will not run.
status String describing the state of the hook function. When a hook is ready and disabled is false it will be executed.
  • ready
  • create-queued
  • create-running
  • create-failed
  • update-queued
  • update-running
  • update-failed
env_vars Array of Environment Variable objects that will be available via process.env.ENV_VAR_NAME in the hook code.
risk_enabled Boolean indicating if risk score and reasons will be included in the hook function context object.
location_enabled Boolean indicating if end user location, including IP address and country code will be included in the hook function context.
mfa_device_info_enabled Default false. When true a list of MFA devices registered by the user will be made available in the pre-authentication context.
created_at ISO8601 format date that they hook function was created.
created_at ISO8601 format date that they hook function was last updated.

Postman Collection

Replace sample variables indicated by {{ }} with your actual values.

Download for the Smart Hooks API

Sample Code


Replace sample values indicated by < > with your actual values.

List Smart Hooks

curl 'https://<api-domain>/api/2/hooks' \
-X GET \
-H "Authorization: bearer <access_token>"

Have a Question?

Have a how-to question? Seeing a weird error? Ask us about it on StackOverflow.

Found a bug? Submit a support ticket.

Have a product idea or request? Share it with us in our Ideas Portal.