See api-docs Menu

v1-v3 APIs have been deprecated

Don't worry, these APIs are deprecated, but they won't be shut off until 2017, at the earliest. Questions? Contact devsupport@onelogin.com.

All new development with APIs should use the newest version of our API: /1. API /1 is based on RESTful principles, is secured by OAuth 2.0, and provides JSON messages, search, pagination, sorting, and filtering.

Authenticate in C#

Below is C# sample code for use in an ASP.Net page. It will retrieve and process the login request.

You should modify it to detect the user’s company account and retrieve the secret shared token.

using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

public partial class _Default : System.Web.UI.Page 
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // this is the token that is shared with the remote authenticator
        // your application should retrieve this from the users company account

        string token = "pou134pj123lk1l2kj3l1kj23"; // demo data only

        int maxTimestampSlack = 240; // allow +/- 5 minutes slack
        double currentTimestamp = (DateTime.UtcNow - new DateTime(1970,1,1,0,0,0)).
        TotalSeconds;

        // validate timestamp and throw an exception if it's too old

        int remoteTimestamp = Convert.ToInt32(Request.QueryString["timestamp"]);
        if (System.Math.Abs(remoteTimestamp - currentTimestamp) > maxTimestampSlack)
            throw new Exception("Timestamp expired");

        // validate the signature and throw an exception if it's invalid. 

        string message = Request.QueryString["firstname"] 
                       + Request.QueryString["lastname"] 
                       + Request.QueryString["email"] 
                       + Request.QueryString["timestamp"] 
                       + token;

        if (SHA1(message) != Request.QueryString["signature"])
            throw new Exception("Invalid signature");

        // Success!!

        // Request.QueryString["firstname"]             = firstname
        // Request.QueryString["lastname"]              = firstname
        // Request.QueryString["email"]                 = email
    }

    private string SHA1(string value)
    {
        byte[] bs = System.Text.Encoding.UTF8.GetBytes(value);
        bs = new System.Security.Cryptography.SHA1CryptoServiceProvider().ComputeHash(bs);
        System.Text.StringBuilder sb = new System.Text.StringBuilder();
        foreach (byte b in bs)
        {
            sb.Append(b.ToString("x2").ToLower());
        }

        return sb.ToString();
    }
}