Overview
The Student Success & Engagement (SS&E) API uses OAuth 2 for authentication.
- SS&E provides an OAuth resource server that can be used to obtain access tokens, refresh tokens and to issue API requests.
- SS&E exposes only the Authorization Code Grant OAuth flows.
Configure API Client in SS&E
Before executing an OAuth flow, an API client must be configured within SS&E.
- From the Administration page, navigate to Advanced - API Clients
- Click the "New" button
- Choose an appropriate Client Id for your integration
- Take note of your new Client Secret - This cannot be retrieved once saved!
- Set your redirect URL to the location where the OAuth code should be received (in the case of headless integrations, see the Postman example below)
- Set the access token validity time
- Press "Create"
The following information can now be used to execute an OAuth flow:
- Client Id: From above
- Client Secret: From above
- Callback URL: From above
- Scope: read
- Authorization endpoint: https://.avisoapp.com/aviso/oauth/authorize
- Token endpoint: https://.avisoapp.com/aviso/oauth/token
There are two typical cases in which OAuth is used, headless integrations for ETL or other purposes, and application integrations in which your application will call SS&E APIs on behalf of your users.
Headless API Clients
For headless integrations, you will typically want a long lived access token. Create a new API client leaving the access token validity time blank (maximum). You can then generate a token using Postman.
- Install Postman from https://www.getpostman.com/
- Create a new request
- Click the "Authorization" tab
- Choose "OAuth 2.0" for Type
- Click "Get New Access Token"
- Use the above information to fill out the fields and press "Request Token"
- Save the Access Token that is returned for use in your API calls
The token can then be included in API calls using the header name X-TOKEN.
For application integrations, you will typically use an OAuth client framework. Provide the above information to the framework to retrieve access tokens for your users. Store these tokens securely and ensure that their validity time is short (1 day or less).
Consume The API
Visit the API Methods article to learn which methods are available within the SS&E API.