In order to use either of the public APIs, you need to first get an access token to authorize your API calls.
In order to get an access token, you need to submit your client credentials to the authorization endpoint (which then returns an access token and a refresh token).
In order to get client credentials, you must create a custom client configuration in the Echo360 UI. Don't worry; this part is easy.
Be prepared to copy the ID and Secret you generate to a separate (but secure) location; you will receive this information only once. If you lose it and need it later, you will need to generate a new API client.
To generate API client credentials
- Log in as an administrator.
- Click the Settings icon in the upper-right corner of the screen.
- From the Settings menu, select Institution Settings.
General settings appears and Basic Info is selected by default.
- On the left side of the Institution Settings page, select Integration.
- Select API Clients from the options on the left.
- The Grant Types sliders are both enabled by default. Disable the Password Credentials slider.
- Enter a Client Label that identifies this client and its use.
- Click SAVE.
A popup box appears containing the Client ID and Client Secret, both of which are required to generate the initial access token to use with API calls.
- Copy and paste the ID and Secret into Notepad or another location. You will NOT receive the secret again, however, the Client ID will be available in the Existing Client list for the client you are creating. If you have multiple API client configurations, the new one will appear at the top of the Existing Clients list. They are organized by most recently created at the top of the list.
The Client ID and refresh token can be used to generate a new access token, meaning you only need to provide the ID and Secret once to obtain the first access token and a refresh token. Access tokens expire after one hour; refresh tokens never expire but can only be used once. New refresh tokens are generated with each access token.
At this point, you can run a POST call to the access token endpoint using your preferred API client, or you can use the access token endpoint available through Swagger Docs.