Badgekit User API - mozilla/openbadges-badgekit GitHub Wiki
In the BadgeKit app, the settings section allows you to manage user accounts for issuing personnel. BadgeKit users may also be added and removed (or have their permissions modified) via API calls. Note that these calls are not to BadgeKit API, but to BadgeKit itself.
The endpoints are:
- POST /api/user
- DELETE /api/user
Expected request
Requests should be sent as application/json.
HTTP/1.1
Content-Type: application/json
{
"auth": (encoded JWT, see below),
"email": "[email protected]",
"context": { "system": "SystemSlug", "issuer": "IssuerSlug", "program": "ProgramSlug" },
"permissions": { "canDraft": true, "canPublish": false, "canReview": true }
}
Notes:
issuerandprogramwithincontextare optional (these are admin levels you can use in BadgeKit)- If a permission type is omitted, it defaults to false
permissionsis not required (and has no effect if included) for DELETE requests.
Authentication
The auth parameter of the request should be encoded as a JWT token using the BadgeKit User API's secret (note that this is NOT the same as BadgeKit API's secrets). Supported algorithms are HS256, HS384, HS512 and RS256. The decoded JWT should be structured as follows:
{
"prn": {
"email": "[email protected]",
"context": { "system": "SystemSlug", "issuer": "IssuerSlug", "program": "ProgramSlug" },
"permissions": { "canDraft": true, "canPublish": false, "canReview": true }
},
"method": "POST",
"exp": 1400819380,
"typ": "JWT"
}
If you're using a self-hosted instance of BadgeKit, you can configure your User API secret during installation. If you're using the Mozilla-hosted version of BadgeKit and want to access the User API, get in touch and we'll give you the information you need!