Skip to content

Authentication

All endpoints require a valid application ID and secret. They should be passed as arguments:

  • app: this is the application identification string
  • secret: the application secret string

As these are always required, they will not be listed under endpoint inputs.

Alternatively, you can use the Authorization header with the value Bearer {app}:{secret} or dedicated EduBase-API-App and EduBase-API-Secret headers.

Warning

App ID and secret key should be sent as strings. Not sending these will result in an error.

Permissions

API applications operate in the name of their owner (the registrator). All permissions will be inherited from this EduBase account, meaning that an API call will only succeed if that account has proper permissions set. Also, all operations will be registered to this user.

Assume user

To perform actions as a different user, request an assume token and submit received assume token with each request:

  • assume: received assume token

Warning

Assume tokens are short-lived, you may need to request new tokens periodically. However, it is recommended to revoke assume tokens after performing all steps.

Testing it

It is advised to test basic functionality and correctness of calls before making advanced requests. For this reason, EduBase API service offers a testing endpoint that has no effect on any real data.

curl -d "app={app}&secret={secret}" https://www.edubase.net/api/test:app
curl -H "EduBase-API-App: {app}" -H "EduBase-API-Secret: {secret}" https://www.edubase.net/api/test:app

Tip

If you are developing an integration for a custom EduBase instance, do not forget to replace the domain name!

This should return the following (or similar) data, with HTTP 200 status code:

{"version":"default","language":"en","app":"{app}","user":"{user}","status":true}