Authentication
Authentication is done via Basic HTTP Authentication. Use the API key as the username and x as the password as shown below. The key must be passed in every request to the API. All API activity will be logged in the audit trail as the user 'API'.
REST operations
REST stands for REpresentational State Transfer and is a very simple and elegant way of interacting with applications using standard HTTP operations. If you are interested in reading more about REST, check out this Wikipedia article.
OneLogin's API supports five basic operations for each entity: read, list, create, update and delete. The easiest way to illustate how they work is using cURL. Note that some of the operations expect the 'application/xml' content type and will not work without it.
Return codes
An operation must return one of the following codes.
- 200 OK
- 201 Created
- 404 Not found
- 422 Unprocessable entity - see <errors></errors> in the response document for details.
Read
List
Create
-d "<user><email>joe@acme.com</email><role-id>824</role-id></user>" \
-X POST http://app.onelogin.com/users.xml
Update
-d "<user><firstname>Joseph</firstname></user>" \
-X PUT http://app.onelogin.com/users/{id}.xml