In this article, you will be able to see the LearnWorlds API possibilities. For more detailed API documentation with code, snippets click here.
You can use our API to access our data and get information on various courses, user info, and more.
Learnworlds uses OAuth2 to allow access to its API. You can register a new App at our developer portal soon. Learnworlds expects the Access Token to be included in all API requests to the server in a header.
Client credentials grant
This grant is similar to the resource owner credentials grant except only the client’s credentials are used to authenticate a request for an access token. This grant should only be allowed to be used by trusted clients.
This grant is suitable for machine-to-machine authentication, for example for use in a cron job which is performing maintenance tasks over an API or sending information to a webhook about a new user purchase. Another example would be a client making requests to an API that don’t require the user’s permission. Keep this access_token a secret.
Resource owner credentials grant
When this grant is implemented the client itself will ask the user for their username and password (as opposed to being redirected to an IdP authorization server to authenticate) and then send these to the authorization server along with the client’s own credentials. If the authentication is successful then the client will be issued with an access token.
This grant is suitable for trusted clients such as a service’s own mobile client (for example Spotify’s iOS app). We recommend using a proxy for retrieving user access_tokens as to not expose your client_secret. By sending the user's username and password to your server and then adding the client_id/client_secret & grant to the request before forwarding it to us, you are able to achieve this.
Refresh Token grant
As you might have noticed, when using the Credentials grant you also get a refresh token. When the access token expires instead of sending the user back through the authorization code grant the client can use the refresh token to retrieve a new access token with the same permissions as the old one. We recommend using a proxy for this request also, as not to expose your client_secret.
Retrieve all courses
Get a specific course
This endpoint retrieves a specific course.
User data is also is added to the result of each course with the key me that contains if the user is a premium in the course, badges he may have acquired, and more.
All users in a course
This endpoint retrieves all users enrolled in a course.
Create a user
Add a course to a user
Retrieve User Profile
This endpoint retrieves a user’s profile which includes information on courses the user is enrolled in, certificates obtained, full basic user info, users following/followed by, groups a user is in, badges, and some useful statistics.
It redirects users from your website/application to your LearnWorlds and seamlessly logs them in with the same email address they used to sign up for your original website/application. If no account with that email address exists yet, one is created. There is no need to synchronize any customer databases.
SSO with a User's Access Token
This is to be used in cases where you have a user’s access token and would like to send them to your LearnWorlds domain already logged in.
The access token should be a user access token, not your application’s. Obtaining a user’s access token can be found here.
Note: The API URL api.learnworlds.com in our API documentation is used as an example. Make sure to to submit a request for your API Keys and use the API URL that will be provided to you by our support team to make the calls on the backend.