API Authentication

Secure your API requests with proper authentication.

API Keys

Generating Keys

1. Go to Admin > API > API Keys

2. Click "Generate New Key"

3. Set key name and permissions

4. Copy and store securely

Key Permissions

Scope your keys:

  • Read-only
  • Write access
  • Specific resources
  • IP restrictions

Using API Keys

Authorization: Bearer sk_live_xxxxx

OAuth 2.0

For User-Context Access

Use OAuth 2.0 when acting on behalf of a user.

Authorization Code Flow

1. Redirect user to authorize:

GET /oauth/authorize?
  client_id=xxx&
  redirect_uri=xxx&
  scope=read%20write&
  response_type=code

2. Exchange code for token:

POST /oauth/token
{
  "grant_type": "authorization_code",
  "code": "xxx",
  "client_id": "xxx",
  "client_secret": "xxx"
}

Scopes

Available OAuth scopes:

  • read: Read access
  • write: Write access
  • users: User management
  • courses: Course management
  • grades: Grade access

Token Refresh

Access tokens expire in 1 hour.

To get a new access token, send the refresh token:

POST /oauth/token
{
  "grant_type": "refresh_token",
  "refresh_token": "xxx"
}
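
The authorization code flow and the 1-hour token expiry described above, as an added Python example (not code from this API's own documentation). It assumes the OAuth paths sit at the root of the sandbox host, and it adds the standard OAuth 2.0 `state` parameter, which this page does not list; the function names and the 60-second refresh margin are illustrative.

```python
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumption: OAuth endpoints are served from the sandbox host root.
BASE = "https://sandbox.dnlearn.org"
TOKEN_LIFETIME = 3600  # access tokens expire in 1 hour (stated on this page)


def build_authorize_url(client_id, redirect_uri, scopes):
    """Step 1: return (url, state); urlencode escapes the space in the scope list."""
    state = secrets.token_urlsafe(32)  # assumption: server echoes `state` back (RFC 6749)
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "response_type": "code",
        "state": state,
    })
    return f"{BASE}/oauth/authorize?{query}", state


def code_from_callback(callback_url, expected_state):
    """Pull the code out of the redirect, rejecting a missing or mismatched state."""
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    if "code" not in params:
        raise ValueError("no authorization code: " + params.get("error", ["?"])[0])
    return params["code"][0]


def token_request_body(code, client_id, client_secret):
    """Step 2: JSON body for POST /oauth/token, with the fields shown on this page."""
    return json.dumps({"grant_type": "authorization_code", "code": code,
                       "client_id": client_id, "client_secret": client_secret})


def needs_refresh(issued_at, now=None, skew=60):
    """True once the token is within `skew` seconds of its 1-hour expiry."""
    now = time.time() if now is None else now
    return now >= issued_at + TOKEN_LIFETIME - skew
```

Keep the `state` value in the user's server-side session between the redirect and the callback, and load `client_secret` from an environment variable rather than source code.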

Security Best Practices

1. Never expose keys in client code

2. Use environment variables

3. Rotate keys regularly

4. Monitor key usage

5. Use minimal required scopes

Testing

Sandbox Environment

https://sandbox.dnlearn.org/api/v1

Use test API keys that don't affect production.