Authenticate Against the Application Management Service

Authenticate Against the Application Management Service


There are a certain set of endpoints belonging to the Application Management service that require a special kind of credential:

  • GetApplications
  • GetApplicationInfo
  • CreateApplication
  • UpdateApplication
  • DeleteApplication
  • GetCredentials
  • CreateCredential
  • UpdateCredential
  • DeleteCredential

Instead of your normal App ID / Secret Key pair, the credentials for a special App Management App will need to be used instead.

The reason these endpoints require a different kind of credential is because the resource they work with are applications. We didn’t want every application you’ve created to have the ability to modify how another one operates, so having an application specific to application management allows for a single credential that has control over all the other applications. Don’t worry though, it is only scoped to work with that specific set of endpoints. Any call to a different endpoint will fail; meaning it can’t access any specific data that belongs to another application.

Where Do I Find My App Management App Credentials?

The App Management App can be found with your other applications on the Apps / API page of your SCORM Cloud account. If you haven’t already created one, just hit the Add Management Application button. Once you have created one, that button will disappear and the App Management App will be somewhere in your list of applications. The rest of the process is exactly the same as working with App ID / Secret Key pairs:

Click on the Details link next to the name of one of the applications. The App ID will be shown at the top of the details page, secret keys can be found under Authorization Keys. If there are none present, just hit the Add Key button. Any active secret key (toggle switch is on) can be used as part of your API credentials.

How Do I Use My App Management App Credentials?

The App Management App has an App ID / Secret Key pair just like normal applications. This pair is added to API requests through an HTTP Basic Auth header. For more details on what Basic Auth is, see the MDN Documentation.

To add your credentials to the request, you’ll first need to encode the credentials. Take the App ID and Secret Key you got in the step above and concatenate them together with a : in between, e.g., AppId:SecretKey. Then you will Base64 encode that new string to get something that looks like: SVc0UlZIVk5FMTpTZWNyZXRLZXlBYUJiQ2NEZEVlRmZHZ0hoSWlKaktrTGxNbU5uT28=.

Once you have that done, you can simply add it to a request like so:

curl --location --request GET 'https://cloud.scorm.com/api/v2/appManagement/applications' \
     --header 'Authorization: Basic SVc0UlZIVk5FMTpTZWNyZXRLZXlBYUJiQ2NEZEVlRmZHZ0hoSWlKaktrTGxNbU5uT28='

Many of the endpoints that require the use of the App Management App will have a parameter for a childAppId. This parameter is the App ID of the application you are looking for information on. For example, if you have an application, App 1, providing the App ID for that application will provide information regarding App 1.