When your application wants to access GO1 API Resources for the first time, these steps take place:
- Your application redirects the user to GO1
- The user logs into GO1
- The user selects which portal to grant access to
- The user authorizes your application to access the requested GO1 API Resources
- Your application receives a response that will facilitate an access token it can use for API requests.
GO1 users belong to one or more portals. This API only supports accessing data from one portal at a time. If you need to retrieve data from multiple portals you will need to authenticate with each portal and separately request the data.
You can can get your credentials by contacting email@example.com or programmatically.
This functionality is not part of the OAuth2 specification but it works by overloading it. It is discouraged, but if you find you need to generate application credentials on demand this is how to do it:
- Set your client_id to any value except an already existing client id.
new_client=MyClientNameto your query string, where MyClientName is how you want to name your client.
- When the OAuth flow completes, you'll receive two extra parameters in the query string or fragment:
- client_id: The newly created client id
- client_secret: The secret of your new client id
- Store your new client id and secret and continue with the standard flow.
There is a specific set of access rights your application can request:
- account.read: Read account information
- enrollment.read: Read enrollment data
- enrollment.write: Modify enrollments
- lo.read: Access learning objects data, like courses and collections.
- lo.write: Modify learning objects
- portal.read: Read portal configuration
- portal.write: Modify portal configuration
- user.read: Read user data
- user.write: Modify users
- webhook.read: Read webhook configuration
- webhook.write: Modify webhook configuration
Your application should know beforehand what operations it needs to do and request the appropriate scopes.
If further down the road you need additional scopes, you'll need to request a new access token.
Trying to access a GO1 API Resource without the right scopes will return a 403 Forbidden HTTP status code.