Cross-Origin Resource Sharing support


Your browser knows a trick to prevent hackers from accessing your api’s using your session: the same-origin policy. It makes sure your api's can't be accessed by malicious websites. Let's say you're logged in on and open another tab in your browser and access Your browser shares sessions between tabs, so without the same-origin policy, could access all the api's from your facebook account using your session. Thank you same-origin policy for not letting post all kinds of things on my facebook account.

Read More

Meet Onegini at European Identity & Cloud Conference 2017 | Kuppingercole | May 9 - 12

The European Identity & Cloud Conference 2017, taking place May 9 – 12, 2017 at the Dolce Ballhaus Forum Unterschleissheim, Munich/Germany, is Europe’s leading event for Identity and Access Management (IAM), Governance, Risk Management and Compliance (GRC), as well as Cloud Security.

Read More

Security Proxy 2.0: The Security Proxy as a Resource Gateway

Ever struggled to provide end-to-end security from your backend API's to your mobile apps? How to make them OAuth 2.0 compliant? Maybe you use an API Gateway like CA API Gateway or Apigee’s API Gateway or Akana. You may have noticed their primary focus isn't mobile. Maybe you don't have an API Gateway, but you have REST API’s that you partially want to open up to your customers. Your backend developers would like to reuse existing security protocols like basic auth while your app developers just want to focus on the functionality in the app.

I’ll explain in this blog how Onegini helps you solve this issue, so you can start opening up your backend to mobile users in weeks. And now with the Security Proxy 2.0 release, it will even go faster, because your API architecture can remain as is. But first, let's take a step back and see how the Security Proxy 1.0 worked.

Security Proxy 1.0, an introduction
feel free to skip if you are already familiar with our solution

The Onegini MSP takes care of OAuth 2.0 token management between mobile device and server through native mobile SDK's. The solution manages authentication through biometrics or PIN after which an backend API can be requested. A high level picture of this process is shown below (see our docs for a full component overview). 

Read More

Onegini at Holland Pavilion during the Mobile World Congress in Barcelona

With just a few more weeks to go the preparations for the Mobile World Congress are in full effect. Denis, Jeroen, Vincent and Bas are gearing up for this action packed event and meetings have been scheduled. New demo's are being fine-tuned and tested, the team has started working out for the miles of walking and the hours of talking, comfortable and sensible shoes are Googled so all in all we feel confident we will have a successful MWC. 

Read More

Collaboration Incentro and Onegini for a Safe and Smart User Experience


January 16, 2017, Woerden, The Netherlands Incentro and Onegini have announced they will be collaborating to provide their customers with a safer and smarter user experience for end users.  The ‘My-Domain’ environment is being developed by Mendix and Xamarin application development with a Onegini log-in.  Companies can therefore conveniently offer their customers flexibility and secure log-in capabilities.

Read More

Onegini is one of the FAB 30 “Coolest Tech Companies”!

Onegini Dutch Tech Fab 30 2016

Amazing, just before years end we received word that we are one of the 30 Coolest Tech companies in The Netherlands by theMETISfiles. We have been working tirelessly  to create a product that benefits consumers, offering them a frictionless experience. But as with a lot of software tech products it is not tangible and thus hard to explain to people. We are very proud to be named a Cool Tech company!

Read More

Has once again been recognized by CIOReview as one of 20 most promising API Solution Providers

CIOReview is a technology magazine that talks about the enterprise solutions that can redefine the business goals of enterprises tomorrow. It is the leading source that shares innovative enterprise solutions developed by established solution providers, upcoming hot enterprises and is a neutral source for technology decision makers.

Read More

On-demand Webinar: How to extend you API Security to Mobile Apps to create End-to-End security?

Apigee a Google Cloud Platform company and Onegini will cover the security on API level and on mobile level to help you understand what to look for when opening up your data to the outside world and achieve real end-to-end security. 

Read More

Onegini Client Advisory Board Meeting

On November 24th we held our first client advisory board meeting. With a select group of customers we have discussed our roadmap and other relevant topics for the coming years. It was held at the exclusive Rembrandt Tower Boardroom with catering from Michelin star restaurant De Nederlanden

Read More