Guides

Authentication

Learn how to securely access the API.

Suggest Edits

Our API v2 uses the OAuth 2.0 framework with the Client Credentials grant type for secure, server-to-server authentication and authorization.

Key components

  • API credentials: A client ID and client secret that uniquely identify and authenticate your application.
  • Scopes: The permissions that define the level of access to API resources.
  • Access token: A bearer token issued by the authorization server.

Token expiration

An access token is valid for 1 hour. After that, you'll need to request a new token to maintain access.

Authentication process

For the authentication process, you'll need:

  • Active API credentials (client ID and client secret).
    • If you're a platform admin, you can create, edit, and delete API credentials in the API v2 admin panel on the 360Learning web app.
    • If you're not an admin, ask your platform admin to share the API credentials with you.
  • Necessary scopes for your application's access level.

With these ready, follow the steps below to authenticate with our API.

Step 1: Create an access token

Exchange your API credentials for an access token using the

Create an access token endpoint. Here’s an example of the request:

curl --request POST \
     --url https://app.360learning.com/api/v2/oauth2/token \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '
{
  "grant_type": "client_credentials",
  "client_id": "your_client_ID",
  "client_secret": "your_client_secret"
}
'

If successful, the authorization server responds with an access token:

{  
  "token_type": "Bearer",  
  "access_token": "your_access_token",  
  "expires_in": "3600"  
}

Step 2: Make an authenticated request

All requests to our API v2 must include:

  • A valid access token in the Authorization header.
  • The version in the 360-api-version header.

Here's an example of a request:

curl --request GET \
     --url https://app.360learning.com/api/v2/groups \
     --header 'accept: application/json' \
     --header '360-api-version: v2.0' \
     --header 'authorization: Bearer your_access_token'

Step 3: Handle token expiration

Access tokens expire after 1 hour, so you must request a new token periodically. Set up a process to automatically re-authenticate when the token expires.

Updated 3 months ago