OneLogin’s Collection for Injecting Webhooks at Login Time

Kin Lane

June 14, 2021

Webhooks are a way to make simple web APIs a two-way street. Whenever you make a simple web API call, you make a request to an API and get a response back—but with webhooks, it works the other way around: The API makes a call to any URL you provide, sending a request when a specific event occurs. Webhooks are used in many innovative ways by API providers, and we recently learned about Smart Hooks from our network partner OneLogin, which is pushing the webhooks conversation forward by triggering them upon one of the most important events out there—when a user logs in to an application.

OneLogin is a cloud-based identity and access management provider that provides a wealth of authentication, authorization, identity, and access management collections in their public workspace. These next-generation collections help developers configure and enable pre-authentication webhooks that execute common events when triggered, and the Smart Hooks – OneLogin API collection particularly caught our eye. These are just a few of the canned pre-authentication Smart Hooks that OneLogin provides in their collection:

• Deny Access Based Upon Country Code
• Require Multi-Factor Based Upon Country Code
• Change User Policy Based Upon Browser Type
• Change User Policy for Mobile Devices
• Change User Policy by IP Range
• Post to Slack on High-Risk Login
• Switch to Cisco AnyConnect Policy Based on User Agent

You can program any kind of function you desire using the OneLogin API, injecting hooks into the authentication flow. This opens up a whole new critical layer of our applications to API automation and orchestration, and it helps make the login process more secure. Plus, it reduces friction for end users by automating away extra tasks that should occur each time they log in to an application. Accomplishing common everyday tasks at the login layer becomes so much easier, while our applications become more secure and observable using webhooks.

Start exploring Smart Hooks today

To learn more about Smart Hooks from OneLogin, you can head over to their public workspace to get hands-on with the Smart Hooks collection. The collection contains everything you need to create and manage Smart Hooks, including the environment variables you can work with to configure each hook. OneLogin provides a suite of ready-made hooks for you to choose from and reverse engineer, but we are counting on Postman users to bring the innovation to the table when it comes to creating your own custom Smart Hooks. Things will get really exciting the more we have developers down in the trenches of the enterprise writing custom hooks to get work done at the authentication layer we all depend on within the desktop, web, mobile, and device applications we are building with APIs.