edx-platform REST API Concepts

APIs in the edx-platform fall into one of two categories.

1. Personal APIs that only let you manipluate resources related to your user (the single user associated with the OAuth2 Application)

2. Machine-to-machine APIs that allow you to manipulate other users and system resources so long as the user associated with the OAuth2 application has the permissions to do so.

The best way to interact with the APIs is to get a JWT Token associated with a user and then pass that to the server as a part of the request header.

You can get a JWT one of two ways:

1. Exchange the username and password for a user to get their JWT (see Get a JWT with a Username and Password)

2. Get a JWT associated with an OAuth2 Application (the application is associated with your user) that allows you to manipulate other users and system resources so long as the user associated with the OAuth2 application has the permissions to do so. (see Get a JWT with a client_id and client_secret)

Note

JWTs by default expire every hour so when they expire you’ll have to get a new one before you can call the API again.

See also

• How To Use the REST API

• Authentication Related Code Samples

• OAuth2, JWT and Mobile

• Open edX Rest API Conventions

• edX Enterprise REST API Auth Guide