Our new API: How to do magic tricks with Identity

March 14th, 2016   /     /   product and technology, smarter identity, security and compliance

Last week OneLogin released our new API, rebuilt from the ground up, together with a brand new developer website. Yes, you can make multiple keys, with auditing and with minimum necessary scope. Sure, it’s all OAuth 2.0, and JSON, and fun and fast, but the exciting bit is all of the things you can do with it.

Companies use OneLogin to connect their employees or customers to all of their applications, letting them have access seamlessly and securely. In other words, it lets companies move fast, but without breaking things from a security perspective.

Once all your applications are connected into OneLogin, there is a simple “kill switch” for a user that shuts them out of all the applications. In seconds.

What does this have to do with an API?

Well, now this API lets you control this identity system from other applications.

A good example is our partnership with CloudLock, where nefarious activity in any cloud app or across cloud apps can be detected, and then one of a few actions can be taken:

  • A single API call will log the user out of all their OneLogin sessions. This prevents access to additional applications, but doesn’t knock them out of the applications they are already in.
  • A single API call can suspend the user’s ability to use any app. When this is triggered OneLogin reaches its tentacles into the user’s apps, and disables the user.
  • A single call can change the security policy the user is under, forcing Multi-Factor Authentication.

What does this mean? Your app suddenly has superpowers, able to perform actions across many users in multiple apps. This is exciting for security companies as well as our customers.

Did I fail to tell you that the API has loads of basic goodies as well: cursor-based pagination, deep query filters, pleasant and meaningful error messages. We’ve also fully integrated our OneLogin WAM documentation, for integrating all of your pesky custom apps into this elegant control plane.

We hope you have fun with it!

Note: Our preexisting APIs /v1-v3 are being deprecated, but don’t worry, they will be supported until 2017.

About the Author

David Meyer leads the Product Team at OneLogin. He works closely with customers, partners and thought leaders to solve identity problems in an elegant and powerful way. Having created many products at various companies over the last 20 years, David is excited to be building a fundamental utility for the modern enterprise- something every company needs.

View all posts by David Meyer