Application Programming Interface (APIs) is an interface that allows one application to communicate with another via commands designed by programmers. APIs, either public or private, serve as instruction booklets that allow different systems to communicate using predefined commands
This article provides a list of the LearnWorlds API endpoints to help you scale your usage on the platform.
You can use our API to get information on a number of entities, such as courses, user info, bundles, subscriptions, promotions, payments, certifications, and more.
Ensure that you're utilizing the latest version of the LearnWorlds API, as version 1 is no longer supported. Our API documentation extensively covers the current version, enabling you to access the latest features and functionalities.
Authentication
Learnworlds uses OAuth2 to allow access to its API. You may request credentials to use the API via your School (under Settings → Developers → API). Learnworlds expects the Access Token to be included in all API requests to the server in a header.
- Client credentials grant
The client’s credentials are used to authenticate a request for an access token. This grant should only be allowed to be used by trusted clients. It is suitable for machine-to-machine authentication, for example, for use in a cron job that performs maintenance tasks over an API. Another example would be a client requesting an API that doesn’t require the user’s permission. Keep this access_token a secret.
- Resource owner credentials grant:
When this grant is implemented, the client itself will ask the user for their username and password (as opposed to being redirected to an IdP authorization server to authenticate) and then send these to the authorization server along with the client’s own credentials. If the authentication is successful, then the client will be issued an access token. This grant is suitable for trusted clients such as a service’s own mobile client (for example, Spotify’s iOS app).
- Refresh Token grant:
As you might have noticed, when using the Resource owner credentials grant, you also get a refresh token. When the access token expires, instead of sending the user back through the authorization code grant, the client can use the refresh token to retrieve a new access token with the same permissions as the old one.
We recommend using a proxy for both requests, so as not to expose your client_secret.Single Sign-on
It redirects users from your website/application to your LearnWorlds and seamlessly logs them in with the same email address they used to sign up for your original website/application. If no account with that email address exists yet, one is created. There is no need to synchronize any customer databases.
You can find more information on implementing a) SSO with a User's Email or User ID and b) SSO with a User's Access Token here.
The API URL api.learnworlds.com in our API documentation is used as an example. Make sure to submit a request for your API Keys and use the offered API URL to make the calls on the backend.Endpoints
Existing and legacy API calls will remain intact, so no existing setup is expected to break, although we do recommend using our updated endpoints. You can also find the documentation of the previous version here.