Accessing employee data efficiently is crucial for HR automation, analytics, and identity management. The OneLogin API provides developers with a secure and scalable way to fetch user information, synchronize employee records, and integrate authentication systems into their applications.
This article is part of our ongoing series on the HRIS APIs, focusing on how to get employee data from OneLogin using Python. If you’d like to explore other HRIS API use cases, including authentication, rate limits, and setup guides, you can find our complete overview here.
Getting Employee Data from OneLogin API
Prerequisites
Before you start, ensure that you have:
- Access to a OneLogin account with API permissions.
- An API key generated from Settings → API in your OneLogin dashboard.
- A Python environment set up with the
requestslibrary installed.
API Endpoints
- Base URL:
https://api.onelogin.com - Authentication Endpoint:
/auth/oauth2/v2/token - User Data Endpoint:
/api/1/users
Step 1: Authenticate and Get Access Token
Use your OneLogin API credentials to obtain an access token that allows you to make authorized requests.
import requests
client_id = 'YOUR_CLIENT_ID'
client_secret = 'YOUR_CLIENT_SECRET'
url = 'https://api.onelogin.com/auth/oauth2/v2/token'
headers = {'Content-Type': 'application/json'}
data = {
'grant_type': 'client_credentials',
'client_id': client_id,
'client_secret': client_secret
}
response = requests.post(url, headers=headers, json=data)
access_token = response.json()['access_token']Step 2: Get Data for One Employee
Once authenticated, you can fetch data for a specific employee using their user ID.
user_id = 'SPECIFIC_USER_ID'
url = f'https://api.onelogin.com/api/1/users/{user_id}'
headers = {'Authorization': f'Bearer {access_token}'}
response = requests.get(url, headers=headers)
employee_data = response.json()Step 3: Get Data for All Employees
To retrieve data for all employees in your organization, send a request to the /api/1/users endpoint.
url = 'https://api.onelogin.com/api/1/users'
headers = {'Authorization': f'Bearer {access_token}'}
response = requests.get(url, headers=headers)
all_employees_data = response.json()Common Pitfalls
- Storing API keys insecurely: Always use environment variables or secure vaults instead of hardcoding credentials.
- Using outdated API versions: Check OneLogin’s documentation to ensure you’re using the latest version.
- Not handling pagination: Large datasets require pagination using parameters in the API response.
- Ignoring rate limits: Exceeding rate limits can cause your requests to fail temporarily.
- Skipping error handling: Always check for response codes other than 200 to catch authentication or data errors.
- Letting tokens expire: Refresh your token before it expires to avoid failed calls.
Frequently Asked Questions
1. How do I generate an API key in OneLogin?
Go to your OneLogin account, navigate to Settings → API, and create a new API key with appropriate permissions.
2. What’s the base URL for API requests?
Use https://api.onelogin.com for all your API calls.
3. How should I handle pagination?
Use the pagination parameters (limit, cursor, etc.) returned in the API response to retrieve large datasets in parts.
4. What happens when my token expires?
You’ll receive an authorization error. Simply re-authenticate using your client credentials to obtain a new token.
5. Can I use the API in a test environment?
Yes, OneLogin allows sandbox or test accounts for development and testing purposes.
6. Is there a limit to how many requests I can make?
Yes, OneLogin enforces API rate limits. Refer to their documentation for current thresholds and recommendations.
Knit for OneLogin API Integration
Managing API integrations, authentication, and maintenance across multiple HR systems can be complex. Knit API simplifies this by offering a single, unified API that connects with OneLogin and dozens of other HR and identity systems.
With Knit, you integrate once, and get seamless, secure, and scalable access without worrying about token management, version updates, or manual maintenance. This saves developer time and ensures reliable, ongoing connectivity.
