How to access APIs from Postman

Hi All,
I installed Tutor version 11.2.3 on Ubuntu 18.04.2. The CMS (Studio) & LMS are up and were later configured to some public domains. I need to integrate an external Java application by using the API endpoints available in https://mydomain.com/api-docs/ & https://studiomyadmindomain.com/api-docs/. When I test the API endpoints in Postman, I am getting this response:

{"detail":"Authentication credentials were not provided."}

which is obvious, as the APIs need authentication. I tried Basic auth, but I suppose the APIs can be accessed using OAuth 2.0? If I should use OAuth, then where can I get/generate the auth details (access token, or client_id, client secret, etc.) so that I get a success response with data in Postman?

Thanks in advance!


It’s funny, I was recently looking for this exactly. As far as I know, accessing the Open edX is not documented anywhere. I found some answers by digging into the edx-platform source code.

First, it looks like every endpoint is protected by a different set of authentication mechanisms. You should check the source code of the endpoint you are interested in. For instance, the /bookmarks/v1/bookmarks/ endpoint is protected by BearerAuthenticationAllowInactiveUser (among others). Here is the source code of this endpoint: edx-platform/views.py at open-release/koa.master · edx/edx-platform · GitHub

It’s relatively easy to make use of the BearerAuthenticationAllowInactiveUser authentication mechanism. You should get or create an authentication token for your user in the admin, at /admin/oauth2_provider/accesstoken/. Then, include the “Authorization” header in your request with the value "Bearer <yourtoken>".

Here is a complete example using the staff user from the demo.openedx.overhang.io platform (see docs for login and password):

$ curl "https://demo.openedx.overhang.io/api/bookmarks/v1/bookmarks/" -H "Authorization: Bearer I4rKuxsKU6sFAkHVpHOJcUXh4CWHtV"
{"next":null,"previous":null,"count":0,"num_pages":1,"current_page":1,"start":0,"results":[]}

Note that this token will no longer be valid starting from 2021-04-16T06:00:00Z, as the demo platform will be reset and the authentication token will have a different value. You should get the latest token value here: https://demo.openedx.overhang.io/admin/oauth2_provider/accesstoken/

Converting this curl command to Postman is an exercise that is left to the reader.
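
The two outcomes seen in this thread (the "credentials were not provided" body without a header, and the bookmarks page with "Authorization: Bearer <token>"), reproduced as an added example that is not part of the original posts or of Open edX. It runs offline against a constructed local stub; `StubLMS`, `api_get`, `demo`, the stub token and the 401 status code are assumptions made for the illustration.

```python
import json
import threading
from http.client import HTTPConnection, HTTPSConnection
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

STUB_TOKEN = "constructed-token-not-real"  # constructed sample value
NO_CREDS = {"detail": "Authentication credentials were not provided."}
EMPTY_PAGE = {"next": None, "previous": None, "count": 0, "results": []}

class StubLMS(BaseHTTPRequestHandler):
    """Constructed stand-in for the LMS: it only checks the Bearer header."""
    def do_GET(self):
        ok = self.headers.get("Authorization") == f"Bearer {STUB_TOKEN}"
        body = json.dumps(EMPTY_PAGE if ok else NO_CREDS).encode()
        self.send_response(200 if ok else 401)  # 401 is an assumed status
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args): pass  # silence per-request logging

def api_get(url, token=None):
    """GET url, optionally with a Bearer token; return (status, parsed JSON)."""
    u = urlsplit(url)
    # A bearer token is a reusable credential: only loopback may skip TLS.
    if token and u.scheme != "https" and u.hostname != "127.0.0.1":
        raise ValueError("refusing to send a bearer token over plain HTTP")
    cls = HTTPSConnection if u.scheme == "https" else HTTPConnection
    conn = cls(u.netloc, timeout=5)
    headers = {"Authorization": f"Bearer {token}"} if token else {}
    try:
        conn.request("GET", u.path or "/", headers=headers)
        resp = conn.getresponse()
        return resp.status, json.loads(resp.read())
    finally:
        conn.close()

def demo():
    """Run both requests against the local stub and return the two results."""
    with HTTPServer(("127.0.0.1", 0), StubLMS) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        url = f"http://127.0.0.1:{server.server_port}/api/bookmarks/v1/bookmarks/"
        try:
            return api_get(url), api_get(url, STUB_TOKEN)
        finally:
            server.shutdown()

if __name__ == "__main__":
    print(demo())
```

In Postman the equivalent is the Authorization tab with type "Bearer Token", which sends the same header.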