I am trying to get the access token from postman using client ID and client Secret, but the response from the postman is “INVALID CLIENT”, why i am getting this response instead of access token?
I am followin this doc to get client ID and client Secret 2. Authenticating as an edX REST Web Service User — EdX Course Catalog API User Guide documentation
Hello! This is how I usually request the token:
is there something different? can you attach your Django Oauth Toolkit application setup?
Hi! I’ve moved your question to the “Development” topic. Choosing the right topic when you make a post is important for visibility; the default (“Community”) is almost never what you want.
Hi @venkatsai1234,
It’s not clear what could be causing that response without additional information. Here is how we generate our keys to access our API using Tutor, but the instructions should apply to other installation methods. I hope it helps!
These instructions explain how to generate an OAuth token to access the API endpoints using Authorization Bearer
on Open edX. This method demonstrates one of the several ways of accessing the API.
Create an API User (optional)
This step is optional if you already have a user that you want to use for API access. We haven’t tested it, but you can probably give specific permissions to a non-superuser account. There is some security risk to giving your API user admin rights.
tutor local createuser --staff --superuser api-user api@example.com
Create the Application API
The first step is to create an OAuth API application.
-
Log into your LMS admin panel at
https://your-edx/admin
. -
Navigate to
OAuth Applications
athttps://your-edx/admin/oauth2_provider/application/
-
Press the `Add Application button.
- Client id: <default>
- User: Find the user to grant API access
-
Client type:
confidential
-
Authorization grant:
client credentials
- Client secret: <default>
- Name: Enter the name of the API application
-
Save the OAuth application.
Create an Access Token
Next, you will create an access token for the API user to access the API application
-
Navigate to
Access tokens
athttps://your-edx/admin/oauth2_provider/accesstoken/
. -
Press the
Add Access Token +
button.- User: Select the user that you gave access to in the OAuth application
- Source refresh token: Leave blank
- Token: Enter a random CodeIgniter Encryption Key
- Application: Select the OAuth application
- Expires: Set the expiration date for the access token
-
Save to access token
Testing and Using the API
Tip: Use the API Docs page to generate the API URL.
Using API-DOCS Test site
-
First, open the API docs page (
https://your-edx/api-docs
) and log in using your API user with admin rights. -
Find an API endpoint to test, such as a GET request for
/course_modes/v1/courses/{course_id}/
- Press the
Try it out
button - Enter a course_id
- Press the
Execute
button - Verify that the HTTP response code is 200 and that the response body contains valid data.
Take note of the
Request URL
. You will need to use this URL when usingcurl
because it escapes the characters in the course ID - Press the
Using curl
You can use curl
to access the API remotely using this syntax:
curl "<URL>" -H "Authorization: Bearer <ACCESS_TOKEN>"
-
URL: Use the
Request URL
from the API-DOC test - ACCESS_TOKEN: Use the access token for your API user
Thank you @TonyH @mgmdi @sarina for the valuable information, i will try to implement whatever u have given @TonyH and will inform you @mgmdi if it is different in my Django pannel.
Thank you @TonyH been struggling whole day and now it works like charm! very clear and helpful
Hi @TonyH
- I was able to create a CCX class
But can’t delete via API, I get an error detail":"You do not have permission to perform this action - I would be happy to receive an explanation in the creation of USER does not work for me
Hi @David_Sperber,
Unfortunately, I do not have experience using CCX. Some actions might require the user to be part of the course. Also, I have not tried creating a user through the API. My suggestion is to find the API code in the code repository and then see what requirements are missing or incorrect. I know that the api-docs
page was incomplete, meaning you needed to find the required args from the function declaration itself.
Kind regards,
Tony
I can not access api http://lms.xxxxxx/api/user/v1/users/?page=10&page_size=10
show massage {“detail”:“You do not have permission to perform this action.”}
but i can access http://lms.xxxxxx/api/user/v1/me
if i want access api/user/v1/users/?page=10&page_size=10 How to config?
@choltha, that’s a good question. I haven’t tried getting all users through the API. Here are some things you might try:
- Try getting the list of users using
curl "<domain>/api/user/v1/users/?page=10&page_size=10" -H "Authorization: Bearer <ACCESS_TOKEN>"
to see if the code is the same using the API user, not the logged in user - Verify that the API user has access to all users
- The API might limit getting all users due to security. In which case, you’ll have to find another way. For example, have an offline list of all user and then have your code call the API to get each user’s detail, such as:
GET /api/user/v1/accounts/{username}/
@TonyH
Thank you.
I can’t find the token for my Open edX when I used the API tester Bruno with the api/user/v1/account/login_session
endpoint.