When you use the Learning Center REST API, most functions require clients to be authenticated. There are two primary authentication mechanisms available. Which one you use depends on the usage and security levels required by the clients. The authentication is done against the client's own Learning Center API on their server or URL.
The Learning Center also supports OAUTH2 – but only for native logins, not SSO for authentication.
Basic Authentication
This should only be used on https-encrypted requests since username and passwords will be sent in clear text. If the number of API calls is more than a few, for performance reasons, the ticket-based authentication should be used instead, because they are more secure and put less performance load on the server.
To use basic authentication in the REST calls, just add Authentication to the http header in each call and include the username and password in base64 encode format.
HTTP Header Auth Example
Authorization: Basic {base64_encode(username:password)}
Javascript example:
function make_base_auth(user, password) {
var tok = user + ':' + password;
var hash = btoa(tok);
return "Basic " + hash;
}
function setAuthHeader(xhr) {
var username = $("input#username").val();
var password = $("input#password").val();
if (username != "")
xhr.setRequestHeader('Authorization', make_base_auth(username, password));
}
function execCall(jsonData, api, method) {
$.ajax
({
type: method,
url: api,
dataType: 'json',
async: true,
data: jsonData,
beforeSend: setAuthHeader,
success: function (result) {
alert(JSON.stringify(result));
},
error: (function (xhr, ajaxOptions, thrownError) {
alert(thrownError);
}),
complete: (function (xhr, status) {
})
});
}
Learning Center ticket authentication /API key
Using this is a two-phase flow. First the client needs to call the User Authentication API and get a ticket and store this locally, and then use this ticket in the following requests to the API methods that requires authentication. The first call should be to /api/v1/userauthentication/getTicket with a json data load including username and password. By default, the tickets will never expire unless ValidForHours is provided.
Get ticket API path:
Body JSON load:
{
"Username": "string",
"Password": "string",
"ValidForHours": 0
}
Result:
Guid formatted ticket: “CE1BA753-9D02-487F-BBAD-83F9CD4E0AA1”
Following calls to API should have this in the http header:
HTTP Header Auth Example
Authorization: LCTicket {ticket}
Javascript example:
function setAuthHeader(xhr) {
xhr.setRequestHeader('Authorization', "LCTicket CE1BA753-9D02-487F-BBAD-83F9CD4E0AA1");
}
function execCall(jsonData, api, method) {
$.ajax
({
type: method,
url: api,
dataType: 'json',
async: true,
data: jsonData,
beforeSend: setAuthHeader,
success: function (result) {
alert(JSON.stringify(result));
},
error: (function (xhr, ajaxOptions, thrownError) {
alert(thrownError);
}),
complete: (function (xhr, status) {
})
});
}