Authentication

Authentication is done via Basic HTTP Authentication. Use the API key as the username and x as the password as shown below. The key must be passed in every request to the API. All API activity will be logged in the audit trail as the user 'API'.

curl -u {api_key}:x http://app.onelogin.com/users.xml
You can find the The API key in the admin interface under Admin / API.

REST operations

REST stands for REpresentational State Transfer and is a very simple and elegant way of interacting with applications using standard HTTP operations. If you are interested in reading more about REST, check out this Wikipedia article.

OneLogin's API supports five basic operations for each entity: read, list, create, update and delete. The easiest way to illustate how they work is using cURL. Note that some of the operations expect the 'application/xml' content type and will not work without it.

Return codes

An operation must return one of the following codes.

Read

curl -u {api_key}:x http://app.onelogin.com/users/{id}.xml

List

curl -u {api_key}:x http://app.onelogin.com/users.xml

Create

curl -u {api_key}:x -H "Content-type: application/xml" \
-d "<user><email>joe@acme.com</email><role-id>824</role-id></user>" \
-X POST http://app.onelogin.com/users.xml

Update

curl -u {api_key}:x -H "Content-type: application/xml" \
-d "<user><firstname>Joseph</firstname></user>" \
-X PUT http://app.onelogin.com/users/{id}.xml

Delete

curl -u {api_key}:x -X DELETE http://app.onelogin.com/users/{id}.xml