See quickstart Menu

How to manage users via API

Use the Administrative API to create integrations with other applications, perform bulk operations, reset passwords, assign apps and much more.

Our API is designed using RESTful principles and requires different levels of authorization depending on the resources and actions that you might want to take.

Use the API Reference here here or continue reading to discover how to make API requests using different languages.


We created client SDKs in the following languages to help with authentication, making requests, and to facilitate use of this API.

Authorizing Requests

All API requests require an OAuth2.0 Bearer token in the Authorization header. A valid credential pair of client_id and client_secret is required to generate the token.

  1. Follow these steps to create an API Credential pair

  2. Use the API to generate an access token or use one of our SDKs to generate tokens.

Sample: Create a user

See the Create User API for a complete list of available user attributes.

const request = require('request')

let options = {
  method: 'POST',
  uri: 'https://<subdomain>',
  auth: {
    bearer: 'ACCESS TOKEN'
  json: {
    firstname: "Sally",
    lastname: "Tyler",
    email: "",
    username: "styler"

request(options, function(error, response, body){

using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;
using Newtonsoft.Json;


var client = new HttpClient();

client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

dynamic user = new {
    firstname = "Sally",
    lastname = "Tyler",
    email = "",
    username = "styler"

var request = new HttpRequestMessage(){
    Method = HttpMethod.Post,
    RequestUri = new Uri("https://<subdomain>"),
    Content = new StringContent(JsonConvert.SerializeObject(user))

// We add the Content-Type Header like this because otherwise dotnet
// adds the utf-8 charset extension to it which is not compatible with OneLogin
request.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json");

var response = await client.SendAsync(request);
var responseBody = await response.Content.ReadAsStringAsync();

dynamic json = JsonConvert.DeserializeObject(responseBody);

This makes use of the OneLogin Ruby Gem

require 'onelogin'

client =
    client_id: 'ONELOGIN CLIENT ID',
    client_secret:'ONELOGIN CLIENT SECRET',
    region: 'us'

user = client.create_user(
  firstname: "Sally",
  lastname: "Tyler",
  email: "",
  username: "styler"

This makes use of the OneLogin Python SDK

from onelogin.api.client import OneLoginClient

client = OneLoginClient(

user = client.create_user({
  "firstname": "Sally",
  "lastname": "Tyler",
  "email": "",
  "username": "styler"

This makes use of the OneLogin Java SDK

Client client = new Client();

Map params = new HashMap();
params.put("email", "");
params.put("firstname", "Sally");
params.put("lastname", "Tyler");
params.put("username", "Styler");

User user = client.createUser(params);

This makes use of the OneLogin PHP SDK

use \OneLogin\api\OneLoginClient;

$client = new OneLoginClient('ONELOGIN CLIENT ID', 'ONELOGIN CLIENT SECRET', 'us');

$params = array(
  "email" => "",
  "firstname" => "Sally",
  "lastname" => "Tyler",
  "username" => "styler"

$user = $client->createUser($params);

Have a Question?

Found a problem or a bug? Submit a support ticket.

Looking for walkthroughs or how-to guides on OneLogin's user and admin features? Check out the documentation in our Knowledge Base.

Have a product idea or request? Share it with us in our Ideas Portal.