Api access token-tutor

I am trying to get the access token from postman using client ID and client Secret, but the response from the postman is “INVALID CLIENT”, why i am getting this response instead of access token?
I am followin this doc to get client ID and client Secret 2. Authenticating as an edX REST Web Service User — EdX Course Catalog API User Guide documentation

Hello! This is how I usually request the token:

is there something different? can you attach your Django Oauth Toolkit application setup?

Hi! I’ve moved your question to the “Development” topic. Choosing the right topic when you make a post is important for visibility; the default (“Community”) is almost never what you want.

Hi @venkatsai1234,

It’s not clear what could be causing that response without additional information. Here is how we generate our keys to access our API using Tutor, but the instructions should apply to other installation methods. I hope it helps!


These instructions explain how to generate an OAuth token to access the API endpoints using Authorization Bearer on Open edX. This method demonstrates one of the several ways of accessing the API.

Create an API User (optional)

This step is optional if you already have a user that you want to use for API access. We haven’t tested it, but you can probably give specific permissions to a non-superuser account. There is some security risk to giving your API user admin rights.

tutor local createuser --staff --superuser api-user api@example.com

Create the Application API

The first step is to create an OAuth API application.

  1. Log into your LMS admin panel at https://your-edx/admin.

  2. Navigate to OAuth Applications at https://your-edx/admin/oauth2_provider/application/

  3. Press the `Add Application button.

    • Client id: <default>
    • User: Find the user to grant API access
    • Client type: confidential
    • Authorization grant: client credentials
    • Client secret: <default>
    • Name: Enter the name of the API application
  4. Save the OAuth application.

Create an Access Token

Next, you will create an access token for the API user to access the API application

  1. Navigate to Access tokens at https://your-edx/admin/oauth2_provider/accesstoken/.

  2. Press the Add Access Token + button.

    • User: Select the user that you gave access to in the OAuth application
    • Source refresh token: Leave blank
    • Token: Enter a random CodeIgniter Encryption Key
    • Application: Select the OAuth application
    • Expires: Set the expiration date for the access token
  3. Save to access token

Testing and Using the API

Tip: Use the API Docs page to generate the API URL.

Using API-DOCS Test site

  1. First, open the API docs page (https://your-edx/api-docs) and log in using your API user with admin rights.

  2. Find an API endpoint to test, such as a GET request for /course_modes/v1/courses/{course_id}/

    • Press the Try it out button
    • Enter a course_id
    • Press the Execute button
    • Verify that the HTTP response code is 200 and that the response body contains valid data.

    Take note of the Request URL. You will need to use this URL when using curl because it escapes the characters in the course ID

Using curl

You can use curl to access the API remotely using this syntax:

curl "<URL>" -H "Authorization: Bearer <ACCESS_TOKEN>"
  1. URL: Use the Request URL from the API-DOC test
  2. ACCESS_TOKEN: Use the access token for your API user
4 Likes

Thank you @TonyH @mgmdi @sarina for the valuable information, i will try to implement whatever u have given @TonyH and will inform you @mgmdi if it is different in my Django pannel.

Thank you @TonyH been struggling whole day and now it works like charm! very clear and helpful

1 Like

Hi @TonyH

  1. I was able to create a CCX class
    But can’t delete via API, I get an error detail":"You do not have permission to perform this action
  2. I would be happy to receive an explanation in the creation of USER does not work for me

Hi @David_Sperber,

Unfortunately, I do not have experience using CCX. Some actions might require the user to be part of the course. Also, I have not tried creating a user through the API. My suggestion is to find the API code in the code repository and then see what requirements are missing or incorrect. I know that the api-docs page was incomplete, meaning you needed to find the required args from the function declaration itself.

Kind regards,
Tony

I can not access api http://lms.xxxxxx/api/user/v1/users/?page=10&page_size=10
show massage {“detail”:“You do not have permission to perform this action.”}

but i can access http://lms.xxxxxx/api/user/v1/me

if i want access api/user/v1/users/?page=10&page_size=10 How to config?

@choltha, that’s a good question. :thinking: I haven’t tried getting all users through the API. Here are some things you might try:

  • Try getting the list of users using curl "<domain>/api/user/v1/users/?page=10&page_size=10" -H "Authorization: Bearer <ACCESS_TOKEN>" to see if the code is the same using the API user, not the logged in user
  • Verify that the API user has access to all users
  • The API might limit getting all users due to security. In which case, you’ll have to find another way. For example, have an offline list of all user and then have your code call the API to get each user’s detail, such as: GET /api/user/v1/accounts/{username}/

@TonyH
Thank you.

I can’t find the token for my Open edX when I used the API tester Bruno with the api/user/v1/account/login_session endpoint.