Authentication
An API client needs an account to make use of the API. Every account is assigned a unique account ID. This forms part of the API call. For example:
https://api.englishlanguageitutoring.com/v2.3.0/account/1fgd-43d/....
The account ID is a maximum of 40 characters and can contain alphanumeric characters or hyphens.
Every account also has an access token which is used for authentication. This must not be revealed to third parties. This is a maximum of 40 characters and can contain alphanumeric characters or hyphens. The access token must be passed in the HTTP Authorization request header in the following format:
Token token=123abc-456def
where 123abc-456def
is an example access token.
In addition, each account has an IP address whitelist so it is possible to limit your access to the API to come from a particular set of IP addresses. This is useful if you always access the API from a fixed set of addresses and want to ensure that your account cannot be used from elsewhere.
If an incorrect account ID or access token is used, the following response is returned:
HTTP status code: 401
Response body JSON:
{"type": "error", "code": 401, "message": "invalid authentication credentials"}