Skip to content


All endpoints require a valid application ID and secret. They should be passed as arguments:

  • app: this is the application identification string
  • secret: the application secret string

As these are always required, they will not be listed under endpoint inputs.


App ID and secret key should be sent as strings. Not sending these will result in an error.


API applications operate in the name of their owner (the registrator). All permissions will be inherited from this EduBase account, meaning that an API call will only succeed if that account has proper permissions set. Also, all operations will be registered to this user.

Assume user

To perform actions as a different user, request an assume token and submit received assume token with each request:

  • assume: received assume token


Assume tokens are short-lived, you may need to request new tokens periodically. However, it is recommended to revoke assume tokens after performing all steps.

Testing it

It is advised to test basic functionality and correctness of calls before making advanced requests. For this reason, EduBase API service offers a testing endpoint that has no effect on any real data.

curl -d "app={app}&secret={secret}"


If you are developing an integration for a custom EduBase instance, do not forget to replace the domain name!

This should return the following, with HTTP 200 status code: