The Classy API follows the OAuth2 protocol for authentication. The API credentials provided to your application by Classy allow your application to retrieve an access token, granting access to Classy APIs.
Your Classy API credentials consist of:
client_id - Unique string that identifies your application (e.g. "75651c06c1056579497b957715144ea0")
client_secret - Authorization string that when paired with your client_id allows your application to retrieve access tokens. Keep this value secret.
Registered Applications will require a client_id and a client_secret in order to fetch an access token to communicate with the Classy API. Your client_secret is secure information that should not be shared, hard-coded into an application, or pushed into a public repository.
API credentials may be created through your organization’s admin dashboard.
All API calls require a valid access token. Access tokens must be provided through Authorization headers in the API request.
An app access token is a token that is tight to your application instead of a specific user. Such a token grants read and write access to the API resources that belong to your organization.
To retrieve an app access token, you must use your API credentials ("client_id" and "client_secret") you obtained when registering your app, and make the following request:
Sample cURL request:
Sample token response:
"expires_in" defines the lifetime of the token in seconds. When your app access token is expired, you must renew this call to get a new one.
To be authenticated a request must send an access token through the Authorization HTTP header. The Classy API only supports "Bearer" access tokens.
HTTP request with access token:
If the access token was shipped with a refresh token, the refresh token can be used to generate a new access token if the original one expired: