To communicate with iQualify's APIs, external apps must provide a means of authentication. This prevents unauthorised access to your data.
Authentication is granted through the use of an API access token, also called bearer token. This access token is generated by iQualify when an account owner enables the API feature.
The API access token can only be viewed by account owners. When calling an API, the external app will send an “Authorisation header” containing the access token to the API’s URL, together with the API parameters. When receiving this, iQualify will check the token and either reject the access if not authorised, or accept it and perform the requested action.
This article explains how to:
Enable/disable your API access.
View your access token.
Use your access token.
Keeping your data secure
Because the API access token provides access to your learner and organisational data, you need the highest level of permission to access it: you must be an account owner.
When you obtain your token, make sure to keep it secure and do not store it anywhere that is openly accessible to others. If you do need to store it outside iQualify or to share it with your developers, it is recommended you use a password manager that allows secure sharing.
How to enable or disable API access
Account owners can enable API access within iQualify settings (found under your avatar).
Under the left menu, choose API access.
To enable access, tick Enable (to disable access, untick).
Then use Update to save your changes.
Notes
When you enable API Access, an API access token will be generated for you. It won’t be visible to you until you have read and agreed to the security statement on that page.
When you disable API Access, any previously generated API access token will become invalid and any previously configured calls to the API will be rejected as unauthorised. Disabling must therefore be done after careful consideration of its implications.
When you re-enable API Access after having disabled it, a new API access token will be generated, and it is this new token that must be used to access the API.
How to view your API access token
To view your API access token, head to API access within iQualify settings.
Make sure API access is Enabled (see above)
Read the security statement and choose Agree.
Your API access token will be displayed in the form:
Bearer xxxxx
Where xxxxx is a long encrypted string.
You will need to copy this token and paste it into the appropriate fields of the tool you are using to access the API (see below for further information).
Note: Your API token should always be kept secure and private! It provides high level access to your organisational and learner information.
How to use your API token
I have my API token, how do I get started?
You will need the API access token when you:
Try out an API on our API developer site.
Access our API via coding - the API Access page shows an example of a curl statement, and the developer site above provides all the info you need.
Access our API via an API testing tool like Postman.
Access our API using an automation tool like Zapier.
They will all request you to enter something like an “Authorization header” (with a 'z'), which ultimately looks like this:
Authorization: Bearer xxxxx
Note: In some cases you need to paste the entire token including the word “Bearer” followed by a space and the encrypted string. In other cases you only need the encrypted string. It depends on the interface that the tool offers for entering the Authorization header.
If you have any questions or need any support setting up your API calls, please contact us.