Authentication Service

API V2 reference

This page applies to SCORM Cloud API V2. If you're looking for our V1 api reference see here

Authentication Service


This service has a sole method which will provide OAuth2 tokens. While the valid scope parameters are provided in the documentation for each of the methods, a list of the possibilities might be helpful|

Scope Description
read Grants read access
write Grants write access
delete Grants deletion access
admin Grants read, write, and account management access
read:course Grants read access to course methods
write:course Grants write access to course methods
delete:course Grants deletion access to course methods
read:dispatch Grants read access to dispatch methods
write:dispatch Grants write access to dispatch methods
delete:dispatch Grants deletion access to dispatch methods
read:invitation Grants read access to invitation methods
write:invitation Grants write access to invitation methods
delete:invitation Grants deletion access to invitation methods
read:ping Grants read access to the ping method
read:registration Grants read access to registration methods
write:registration Grants write access to registration methods
delete:registration Grants deletion access to registration methods
read:reporting Grants read access to reporting methods
read:xapicredential Grants read access to xapi credential methods
write:xapicredential Grants write access to xapi credential methods
delete:xapicredential Grants deletion access to xapi credential methods
read:xapipipe Grants read access to xapi pipe methods
write:xapipipe Grants write access to xapi pipe methods
delete:xapipipe Grants deletion access to xapi pipe methods
read:appmgmt Grants read access to app management methods
write:appmgmt Grants write access to app management methods
delete:appmgmt Grants deletion access to app management methods
read:learner Grants read access to the learner methods
write:learner Grants write access to the learner methods
read:about Grants read permission for the about method


Note:

One should be particularly careful with long lived tokens of significant privilege, as tokens may not be deleted or updated.


getAppToken

POST /oauth/authenticate/application/token

Summary

Creates, signs and returns an OAuth2 token based on the provided permissions, if the credentials used to request the token have the permissions being requested.

Note:

The token is not stored and therefore can not be modified or deleted. The requested permissions are encoded in the token which is then signed. As long as the secret used to create it is not changed the token will be valid until it expires.

Parameters

Consumes: application/x-www-form-urlencoded

Type Name Required Schema
Form scope true String
Form expiration false Integer

Responses:

Produces: application/json

HTTP Code Description Schema
200 Successful token authentication request ApplicationToken
400 Bad request MessageSchema

Authentication:

Type Name Scopes
basic APP_NORMAL