Use the LearnUpon API without an API key
LearnUpon uses OAuth 2.0 to connect securely with other applications used in your organization. OAuth lets you use the LearnUpon API without an API key.
Admins can connect up to 3 applications to LearnUpon using OAuth 2.0.
Availability: depends on your LearnUpon plan
Contact your Implementation Consultant, or Customer Success Manager to learn more about this feature.
OAuth 2.0 overview
The OAuth 2.0 workflow as used at LearnUpon:
- the customer application requests authorization from the resource owner - in this instance, indirectly through the authorization server
- the customer application receives an authorization code - a credential representing LearnUpon's authorization for the customer
- the customer application requests an access token by authenticating with the authorization server and presenting the authorization code
- the authorization server authenticates the client and validates the authorization code, and if valid, issues an access token
- the customer application sends a request to the LearnUpon API, using the access token, to gain access
- the LearnUpon API responds
The following diagram illustrates the OAuth 2.0 workflow.
Information you need to set up your client application:
- authorization URL:
https://yourdomain.learnupon.com/oauth/authorize
- access token URL and refresh token URL:
https://yourdomain.learnupon.com/oauth/token
- recommended scope: full offline_access
- state: use an opaque value to reduce the chances of cross-site forgery
Note: OAuth 2.0 isn't currently available to set up single sign-on (SSO) in LearnUpon.
See more about configuring user access.
Set up an application using OAuth 2.0
- From main navigation, go to Settings > Integrations > OAuth.
- Select Add an app.
- In the dialog, enter
- App name, which appears in the list of OAuth apps
- App URL
- Redirect URL - you can add more than 1 redirect URL if required
- Select Create app to finish.
Optional: select Copy Client ID to copy and paste the generated client ID shown to an app setup page, or to a text editor.
The following screenshot shows a sample app's details, with the client ID obscured.
Create client secrets
Client secrets are keys, aka passwords, you generate to use with an individual app. You can create 2 keys per application.
Warning: you must copy a key as soon as you generate it. After you close the page or navigate away, LearnUpon hides the key and you can't view it again.
- From main navigation, go to Settings > Integrations > OAuth.
- Select your app from the list.
- From Client secrets, select Generate secret key.
- Select Copy to copy and paste the secret to either your app setup, or to a text editor.
Optional: generate a second key. LearnUpon hides the existing key, referring only to the date you generated it.
The following screenshot shows an example of 2 keys, with the newest one obscured.
Delete a client secret
If you "lose" a key, you must delete it and generate a new key.
- From main navigation, go to Settings > Integrations > OAuth.
- Select your app from the list.
- From Client secrets, select the delete icon for one key.
- LearnUpon opens a confirmation dialog, which reads:
Are you sure you wish to delete this secret key?
Warning: Deleting a secret key will break any current integrations using this key.
From this dialog select Delete.
The following screenshot shows the confirmation dialog.
OAuth 2.0 as an industry standard
OAuth 2.0 is a protocol that lets LearnUpon access another application, without accessing an individual password.
The OAuth 2.0 Authorization Framework is the original specification from 1992, which explains in detail how OAuth 2.0 works. LearnUpon is not responsible for content off its website.
See: