Guides
Start typing to search…

Authentication

Learn how to securely access the API.

API v2 uses the OAuth 2.0 framework with the Client Credentials grant type for secure, server-to-server authentication and authorization.

Key components

  • API credentials: A client ID and client secret that uniquely identify and authenticate your client.
  • Scopes: The permissions that define the level of access to API resources.
  • Access token: A bearer token issued by the authorization server.

Token expiration

An access token is valid for 1 hour. After that, you'll need to request a new token to maintain access.

Authentication process

For the authentication process, you'll need:

  • Active API credentials (client ID and client secret).
    • If you're a platform admin, you can create, edit, and delete API credentials in the API v2 admin panel on the 360Learning web app.
    • If you're not an admin, ask your platform admin to share the API credentials with you.
  • Necessary scopes for your application's access level.

With these ready, follow the steps below to authenticate with our API.

Step 1: Create an access token

Exchange the API credentials for an access token using the

Create an access token endpoint. If successful, the authorization server responds with an access token

Example request

curl --request POST \
     --url https://app.360learning.com/api/v2/oauth2/token \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '
{
  "grant_type": "client_credentials",
  "client_id": "your_client_ID",
  "client_secret": "your_client_secret"
}
'

Example response

{  
  "token_type": "Bearer",  
  "access_token": "your_access_token",  
  "expires_in": "3600"  
}

Step 2: Make an authenticated request

All requests to our API v2 must include:

  • A valid access token in the Authorization header.
  • The version in the 360-api-version header.

Example request

curl --request GET \
     --url https://app.360learning.com/api/v2/groups \
     --header 'accept: application/json' \
     --header '360-api-version: v2.0' \
     --header 'authorization: Bearer your_access_token'

Step 3: Handle token expiration

Access tokens expire after 1 hour, so you must request a new token periodically. Set up a process to automatically re-authenticate when the token expires.


Updated 11 days ago