Use API Keys to authenticate API calls
- Seth Petry-Johnson
API Keys grant access to LearningBuilder's APIs. They provide both authentication (by uniquely indicating which Member account is associated with an API request) as well as authorization (by specifying what access that key is allowed to perform).
Depending on which feature you are using them with, API Keys are either passed as HTTP Basic Authentication headers or a custom API Key header.
Using API Keys
Some LearningBuilder features use HTTP Basic Authentication. Other features support a custom “apikey” authentication scheme.
Feature | API Authentication Scheme |
|---|---|
HTTP Basic Auth | |
Custom “apikey” scheme |
Using API Keys with HTTP Basic Authentication
The API Key should be passed in an Authorization header, like so:
Authorization: Basic TWVtYmVyXzQyOjE3NmEyOGZiLWI5YzYtNDlkYy04ODRhLTY5ZDNiYzdhOWM1OA==(Use https://www.urldecoder.org/ to decode this back into its component strings)
The value of the header should be equal to Base64(“Member_<MemberId>:<Key>”)
For instance, if the Member Id is "42" and the API Key is "176a28fb-b9c6-49dc-884a-69d3bc7a9c58", then the authorization header would be Base64("Member_42:176a28fb-b9c6-49dc-884a-69d3bc7a9c58"):
You can get those pieces of information from the My Account → API Keys page.
The easiest thing to do is to click the clipboard icon, which will copy the exact header value you need to supply onto your clipboard.
Using API Keys with the “apikey” scheme
For simplicity, some APIs (for instance, the Polled Data Files feature) support a custom scheme that doesn’t rely on BASE64 encoding.
In those cases, the API Key should be passed in an Authorization header like so:
Authorization: apikey xxxxxxxxxxxxxxxxxWhere xxxxxxxxxxxxxxxxx is the Key value from the API Keys page.
In this case, do not use the clipboard icon; it will copy the Basic Auth header, but you just need the raw API Key itself.