See api-docs Menu

v1-v3 APIs have been deprecated

Don't worry, these APIs are deprecated, but they aren't shut off yet.

All new development with APIs should use the newest version of our API: /1. API /1 is based on RESTful principles, is secured by OAuth 2.0, and provides JSON messages, search, pagination, sorting, and filtering.

Authenticate in C#

Below is C# sample code for use in an ASP.Net page. It will retrieve and process the login request.

You should modify it to detect the user’s company account and retrieve the secret shared token.

using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

public partial class _Default : System.Web.UI.Page 
    protected void Page_Load(object sender, EventArgs e)
        // this is the token that is shared with the remote authenticator
        // your application should retrieve this from the users company account

        string token = "pou134pj123lk1l2kj3l1kj23"; // demo data only

        int maxTimestampSlack = 240; // allow +/- 5 minutes slack
        double currentTimestamp = (DateTime.UtcNow - new DateTime(1970,1,1,0,0,0)).

        // validate timestamp and throw an exception if it's too old

        int remoteTimestamp = Convert.ToInt32(Request.QueryString["timestamp"]);
        if (System.Math.Abs(remoteTimestamp - currentTimestamp) > maxTimestampSlack)
            throw new Exception("Timestamp expired");

        // validate the signature and throw an exception if it's invalid. 

        string message = Request.QueryString["firstname"] 
                       + Request.QueryString["lastname"] 
                       + Request.QueryString["email"] 
                       + Request.QueryString["timestamp"] 
                       + token;

        if (SHA1(message) != Request.QueryString["signature"])
            throw new Exception("Invalid signature");

        // Success!!

        // Request.QueryString["firstname"]             = firstname
        // Request.QueryString["lastname"]              = firstname
        // Request.QueryString["email"]                 = email

    private string SHA1(string value)
        byte[] bs = System.Text.Encoding.UTF8.GetBytes(value);
        bs = new System.Security.Cryptography.SHA1CryptoServiceProvider().ComputeHash(bs);
        System.Text.StringBuilder sb = new System.Text.StringBuilder();
        foreach (byte b in bs)

        return sb.ToString();

Have a Question?

Found a problem or a bug? Submit a support ticket.

Looking for walkthroughs or how-to guides on OneLogin's user and admin features? Check out the documentation in our Knowledge Base.

Have a product idea or request? Share it with us in our Ideas Portal.