Authentication¶
All endpoints require a valid application ID and secret. They should be passed as arguments:
- app: this is the application identification string
- secret: the application secret string
As these are always required, they will not be listed under endpoint inputs.
Alternatively, you can use the Authorization
header with the value Bearer {app}:{secret}
or dedicated EduBase-API-App
and EduBase-API-Secret
headers.
Warning
App ID and secret key should be sent as strings. Not sending these will result in an error.
Permissions¶
API applications operate in the name of their owner (the registrator). All permissions will be inherited from this EduBase account, meaning that an API call will only succeed if that account has proper permissions set. Also, all operations will be registered to this user.
Assume user¶
To perform actions as a different user, request an assume token and submit received assume token with each request:
- assume: received assume token
Warning
Assume tokens are short-lived, you may need to request new tokens periodically. However, it is recommended to revoke assume tokens after performing all steps.
Testing it¶
It is advised to test basic functionality and correctness of calls before making advanced requests. For this reason, EduBase API service offers a testing endpoint that has no effect on any real data.
curl -d "app={app}&secret={secret}" https://www.edubase.net/api/test:app
curl -H "EduBase-API-App: {app}" -H "EduBase-API-Secret: {secret}" https://www.edubase.net/api/test:app
Tip
If you are developing an integration for a custom EduBase instance, do not forget to replace the domain name!
This should return the following (or similar) data, with HTTP 200 status code:
{"version":"default","language":"en","app":"{app}","user":"{user}","status":true}