See quickstart Menu

How to manage users via API

Use the Administrative API to create integrations with other applications, perform bulk operations, reset passwords, assign apps and much more.

Our API is designed using RESTful principles and requires different levels of authorization depending on the resources and actions that you might want to take.

Use the API Reference here here or continue reading to discover how to make API requests using different languages.


We created client SDKs in the following languages to help with authentication, making requests, and to facilitate use of this API.

Authorizing Requests

All API requests require an OAuth2.0 Bearer token in the Authorization header. A valid credential pair of client_id and client_secret is required to generate the token.

  1. Follow these steps to create an API Credential pair

  2. Use the API to generate an access token or use one of our SDKs to generate tokens.

Sample: Create a user

See the Create User API for a complete list of available user attributes.

const request = require('request')

let options = {
  method: 'POST',
  uri: 'https://<subdomain>',
  auth: {
    bearer: 'ACCESS TOKEN'
  json: {
    firstname: "Sally",
    lastname: "Tyler",
    email: "",
    username: "styler"

request(options, function(error, response, body){

using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;
using Newtonsoft.Json;


var client = new HttpClient();

client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

dynamic user = new {
    firstname = "Sally",
    lastname = "Tyler",
    email = "",
    username = "styler"

var request = new HttpRequestMessage(){
    Method = HttpMethod.Post,
    RequestUri = new Uri("https://<subdomain>"),
    Content = new StringContent(JsonConvert.SerializeObject(user))

// We add the Content-Type Header like this because otherwise dotnet
// adds the utf-8 charset extension to it which is not compatible with OneLogin
request.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json");

var response = await client.SendAsync(request);
var responseBody = await response.Content.ReadAsStringAsync();

dynamic json = JsonConvert.DeserializeObject(responseBody);

This makes use of the OneLogin Ruby Gem

require 'onelogin'

client =
    client_id: 'ONELOGIN CLIENT ID',
    client_secret:'ONELOGIN CLIENT SECRET',
    region: 'us'

user = client.create_user(
  firstname: "Sally",
  lastname: "Tyler",
  email: "",
  username: "styler"

This makes use of the OneLogin Python SDK

from onelogin.api.client import OneLoginClient

client = OneLoginClient(

user = client.create_user({
  "firstname": "Sally",
  "lastname": "Tyler",
  "email": "",
  "username": "styler"

This makes use of the OneLogin Java SDK

Client client = new Client();

Map params = new HashMap();
params.put("email", "");
params.put("firstname", "Sally");
params.put("lastname", "Tyler");
params.put("username", "Styler");

User user = client.createUser(params);

This makes use of the OneLogin PHP SDK

use \OneLogin\api\OneLoginClient;

$client = new OneLoginClient('ONELOGIN CLIENT ID', 'ONELOGIN CLIENT SECRET', 'us');

$params = array(
  "email" => "",
  "firstname" => "Sally",
  "lastname" => "Tyler",
  "username" => "styler"

$user = $client->createUser($params);

Delete Users in Bulk Using the OneLogin OAuth API

As an alternative to using the CSV upload functionality to delete users in bulk, we also provide a script that reads a CSV file and performs user deletions using the OneLogin OAuth API. You can download the script zip file using this link:



Ruby 2.2.2 with rest-client 2.0.1 gem

To install the gem, run $ gem install rest-client


  1. Create a CSV file that includes the users you want to delete from OneLogin.

    The file should include a header row with column names in lowercase. It should include at least one of the following columns:

    • User ID of each user (with column heading id)
    • Username of each user (with column heading username).
    • Email of each user (with column heading email).
  2. Get an API credential pair (Client Secret and Client ID).

    Create credentials with a minimum scope of Manage users.

  3. Download (above) and unzip it.

  4. In a terminal, change to the directory where you unzipped the download.

  5. Run the following command, replacing the options as specified below.

    $ ruby delete_users.rb env=<us|eu|de> file=<your_filename> client_id=<your_client_id> client_secret=<your_client_secret> dry_run=false

    <us|eu|de> is the location where your OneLogin account resides.
    <your_filename> is the path to your csv file.
    <your_client_id> is the Client ID from the API credentials you got in step 2.
    <your_client_secret> is the Client Secret from your API credentials.

    For example:

    $ ruby delete_users.rb env=us file=onelogin/users.csv client_id=abc123def456 client_secret=456def123abc dry_run=false

    Note. To do a “dry run” of the script, change dry_run=false to dry_run=true. The script will print what the command would do without actually executing the command.

  6. Go to your OneLogin account and confirm the deletions.

Have a Question?

Found a problem or a bug? Submit a support ticket.

Looking for walkthroughs or how-to guides on OneLogin's user and admin features? Check out the documentation in our Knowledge Base.

Have a product idea or request? Share it with us in our Ideas Portal.