In this article, you will be able to see the LearnWorlds API possibilities. For a more detailed API documentation with code snippets click here.

1. Introduction

You can use our API to access our data and get information on various courses, users info and more.

2. Authentication

Learnworlds uses OAuth2 to allow access to its API. You can register a new App at our developer portal soon. Learnworlds expects for the Access Token to be included in all API requests to the server in a header.

3. Client credentials grant

This grant is similar to the resource owner credentials grant except only the client’s credentials are used to authenticate a request for an access token. This grant should only be allowed to be used by trusted clients.

This grant is suitable for machine-to-machine authentication, for example for use in a cron job which is performing maintenance tasks over an API or sending information to a webhook about a new user purchase. Another example would be a client making requests to an API that don’t require user’s permission. Keep this access_token a secret.

4. Resource owner credentials grant

When this grant is implemented the client itself will ask the user for their username and password (as opposed to being redirected to an IdP authorisation server to authenticate) and then send these to the authorization server along with the client’s own credentials. If the authentication is successful then the client will be issued with an access token.

This grant is suitable for trusted clients such as a service’s own mobile client (for example Spotify’s iOS app). We recommend using a proxy for retrieving user access_tokens as to not expose your client_secret. By sending the users username and password to your server and then adding the client_id/client_secret & grant to the request before forwarding it to us, you are able to achieve this.

5. Refresh Token grant

As you might have noticed, when using the Credentials grant you also get a refresh token. When the access token expires instead of sending the user back through the authorization code grant the client can use to the refresh token to retrieve a new access token with the same permissions as the old one. We recommend using a proxy for this request also, as not to expose your client_secret.

6. Retrieve all courses

This endpoint retrieves all courses.


7. Get a specific course

This endpoint retrieves a specific course.

User data is also is added to the result of each course with the key me that contains if the user is a premium in the course, badges he may have acquired and more.


8. All users in a course

This endpoint retrieves all users enrolled in a course.


9. Create a user


10. Retrieve Users


11. Add a course to a user

This endpoint adds a course to a user. Should be used when a user has bought a course and you want to inform LearnWords of that action, as to give the user access to it.

12. Retrieve User Profile

This endpoint retrieves a user’s profile which includes information on courses the user is enrolled in, certificates obtained, full basic user info, users following/followed by, groups a user is in, badges and some user statistics.

13. Single Sign-on

It redirects users from your website/application to your LearnWorlds and seamlessly logs them in with the same email address they used to sign up for your original website/application. If no account with that email address exists yet, one is created. There is no need to synchronize any customer databases.

14. SSO with a User's Access Token

This is to be used in cases where you have a user’s access token and would like to send them to your learnworlds domain already logged in.

The access token should be a user access token, not your application’s. Obtaining a user’s access token can be found here.