Get Started

Welcome to OneId. This section walks you through your first integration — making a request, exchanging a token, and protecting an endpoint. It also points to the architecture and concept material you'll want before designing a production deployment.

Before you start

You'll need credentials for a OneId environment provided by your platform team or by RonfordDigital during a proof-of-concept engagement. This includes:

  • The base URL of your OneId deployment (for example https://oneid.acme-bank.co.ke).
  • A client ID and client secret for an application registered in your tenant.

If you don't have these, contact us.

Your first integration in three steps

1. Make an authorization request

A web application redirects a user to OneId's authorization endpoint to sign them in. After authentication, OneId returns the user to your application with an authorization code.

Your first authorization request →

2. Exchange the code for a token

Your application exchanges the authorization code for an access token by calling the token endpoint with its credentials. The access token authorizes subsequent API calls.

Token exchange walkthrough →

3. Validate the token

When your API receives a token, it validates the signature, checks the audience, and reads the claims. Use the OneId SDK or any standards-compliant JWT library.

Token validation guide →
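
The validation step above, sketched as an added example (not OneId SDK code and not from the original documentation). It pins the signing algorithm and also checks issuer and expiry, which this page does not list. The RS256 key pair, the `payments-api` audience and the claims are constructed, and using the example base URL as the issuer is an assumption.

```javascript
// Added example, not OneId SDK code. Key pair, audience and claims are constructed.
const crypto = require('crypto');
const b64u = (v) => Buffer.from(v).toString('base64url');
const unb64u = (s) => Buffer.from(s, 'base64url');

// Stand-in for the identity server: mint a token so the example runs offline.
function signToken(claims, privateKey, header = { alg: 'RS256', typ: 'JWT' }) {
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  const sig = header.alg === 'RS256'
    ? crypto.sign('RSA-SHA256', Buffer.from(input), privateKey)
    : Buffer.alloc(0); // "alg": "none" tokens carry an empty signature
  return `${input}.${b64u(sig)}`;
}

// API side: verify the signature first, then issuer, audience and expiry.
function validateToken(token, publicKey, { issuer, audience }, now = Date.now() / 1000) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  // Pin the algorithm; never let the token header select "none" or an HMAC alg.
  if (JSON.parse(unb64u(h)).alg !== 'RS256') throw new Error('unexpected alg');
  if (!crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey, unb64u(s)))
    throw new Error('bad signature');
  const claims = JSON.parse(unb64u(p)); // only read claims after the signature checks out
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (![].concat(claims.aud).includes(audience)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Returns 'accepted' or the rejection reason.
function check(token, publicKey, expected) {
  try { validateToken(token, publicKey, expected); return 'accepted'; }
  catch (e) { return e.message; }
}
// Constructed sample data (issuer value is an assumption, taken from the example URL).
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const expected = { issuer: 'https://oneid.acme-bank.co.ke', audience: 'payments-api' };
const base = { iss: expected.issuer, aud: 'payments-api', sub: 'user-123',
  scope: 'payments:read', exp: Math.floor(Date.now() / 1000) + 300 };
const good = signToken(base, privateKey);
const [gh, , gs] = good.split('.');
const samples = {
  good,
  otherAudience: signToken({ ...base, aud: 'reports-api' }, privateKey),
  unsigned: signToken(base, privateKey, { alg: 'none', typ: 'JWT' }),
  tampered: `${gh}.${b64u(JSON.stringify({ ...base, scope: 'payments:write' }))}.${gs}`,
};
for (const [name, t] of Object.entries(samples)) console.log(name, '->', check(t, publicKey, expected));
```

A token issued for another API, an unsigned token, and a token whose payload was edited after signing are each rejected before any claim is trusted.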

Once you've done these three things, you have a working integration. From here, expand into the capabilities you need.

Choose your integration

OneId supports several application types, each with its own recommended flow.


  • Web application (/get-started/quickstart/integrate-web-app): Server-rendered web app. ASP.NET Core sample with login and protected routes.
  • Single-page application (/get-started/quickstart/integrate-spa): Browser-based SPA. Vue or React with Authorization Code + PKCE and silent token refresh.
  • Mobile application (/get-started/quickstart/integrate-mobile): iOS or Android app using Authorization Code + PKCE with platform secure storage.
  • Backend service (/get-started/quickstart/integrate-service): Service-to-service authentication using the Client Credentials grant.
  • Customer onboarding with eKYC (/get-started/quickstart/first-ekyc): Run the full electronic KYC pipeline — document, biometric, sanctions, risk scoring.
  • Open Banking / FAPI (/guides/open-banking-fapi): Build a FAPI 1.0 or 2.0 compliant client for Open Banking APIs.

Understand the platform first

If you'd rather get oriented before writing code, start here.


  • Architecture (/get-started/architecture): How OneId's components fit together. Identity Server, Gateway, PDP, eKYC, audit pipeline.
  • What is OneId (/get-started/what-is-oneid): Positioning, capabilities, and why self-hosted matters for regulated industries.
  • Concepts (/guides): Tenants, tokens, clients, policies — the mental model behind the platform.
  • API Reference (/api): Complete reference for every OneId endpoint with request and response examples.

What's next

After your first integration works, expand into:

  • Multitenancy — configure tenant isolation, per-tenant identity providers, cross-tenant federation.
  • eKYC — onboard customers with document capture, biometrics, and sanctions screening.
  • FAPI compliance — meet financial-grade API security requirements.
  • Federation — connect upstream identity providers (OIDC, SAML, social).
  • Deploy — install OneId in your own environment.

Get help