Rest API Documentation
- Updated On 06 Jan 2021
- 1 Minute To Read
-
Print
-
DarkLight
Microsoft Community Training platform exposes its APIs for integration with another service or application. You can use the APIs to automate flows and build new capabilities on top of the out-of-the-box features part of the training platform.
In this article, you will learn more about the API signatures and their authentication flows in respective sections.
API Signatures
To access the Rest API signatures for the APIs exposed by the Microsoft Community Training platform, a user can open the following JSON file in Swagger Editor.
API Authentication
A user can authenticate for using the Microsoft Community Training APIs by either of the following methods.
Method 1 : Service to Service Authentication
To obtain the access token programmatically, follow this document for service to service authentication.
Method 2 : Authentication via Tokens
To obtain the access token manually (for testing purposes), follow these steps,
- Open the browser.
- Open the inspect window. (Shortcut: Press Ctrl + Shift + I or Right-click and select Inspect)
- In Inspect window, go to Network Tab
- Now in the browser, call the URL :https://{your-MCT-portal-domain}/ExternalAuthentication/Login.
For example: To get token for mctdemo2.azurefd.net instance, we can call mctdemo2.azurefd.net/ExternalAuthentication/Login - Enter you credentials in the login page. Click on Sign-in.
- In Inspect window, under Network tab, click on Callback option.
- Under headers, you would see a category ‘location’ which contains the Access Token and Refresh Token.
- Use the AccessToken to call the Rest APIs (Ex. bearer AccessToken)
curl --location --request GET 'https://contoso.azurefd.net/api/v2/Profile' \--header 'Authorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ilg1ZVhrNHh5b2pORnVtMWtsMll0djhkbE5QNC1jNTdkTzZRR1RWQndhTmsifQ.eyJpc3MiOiJodHRwczovL21lcmNhZG9jbHAuYjJjbG9naW4uY29tLzMxYjcwYzA3LTljM2ItNDcxZC05MDE4LWI5MDJhNWU2ZTU3Ny92Mi4wLyIsImV4cCI6MTU5NDIwNjE1MSwibmJmIjoxNTk0MjAyNTUxLCJhdWQiOiIxOTQ5YWE3NS1kYjI2LTQ0Y2UtOTU4My00OTNkYTE3NDRlMDkiLCJuYW1lIjoiTklLRVNIIEpPU0hJIiwiaWRwIjoiZ29vZ2xlLmNvbSIsInN1YiI6IjVlMmVlZWNhLTg4Y2ItNGNiOS05ZmI2LTU2MWI4YWNmMmQ1YSIsImpvYlRpdGxlIjoiU0UiLCJlbWFpbHMiOlsibmlrZXNoam9zaGkyMDAxQGdtYWlsLmNvbSJdLCJ0ZnAiOiJCMkNfMV9zaWdudXBzaWduaW4xIiwiYXpwIjoiMTk0OWFhNzUtZGIyNi00NGNlLTk1ODMtNDkzZGExNzQ0ZTA5IiwidmVyIjoiMS4wIiwiaWF0IjoxNTk0MjAyNTUxfQ.Z0wLIlzHIS0A1McQHeKsWmzCVDMOJSVcCmFzWLa99b0YPS7aTyJEIp5lWd9sINtjJRiSmxcAtQP1IOgX3RhuDNRJ6GDib7EMNxi6234HBEB_wsrQ9FDkr3dbLkkU09zP5f4GjBKliuRpiIqX6ukne8InHOgy9ZuJbw43BbiMkj4S1Y5rZlABRgw1ncHGW0x8AE4DB6d9P8Yb9l6R_4NF2tmLp_vlzXQLRAqEI5IlXIDVyNIEWrEwdDvtjXJ_CtiQL7dxHuzDHbzY1NB_lV4KcjXPtdPukr1K9p6D1WoIe4aytJ_4IzG_nJjH-pM_vzxZ4Syift1i0qXra6clRdB2lQ'
- Once the AccessToken expires, use the RefreshToken to get a new AccessToken
POST <websiteUrl>/api/v1/ExternalAuthToken/RefreshToken/{identityProvider}
{identityprovider} = PHONE/EMAIL/AZUREAD
Body:
{
"RefreshToken":"<Token>"
}
"Refresh Token" can be used to increase the validity of the AccessToken. The expiration date of RefreshToken will depend on the authentication type of the platform instance.
Once the RefreshToken expires, user will need to login to the instance explicitly to get new AccessToken and RefreshToken (unless you are using S2S authentication).
Typically, AccessToken is valid for 24 hours and RefreshToken is valid for 90 days.
Database Schema
Refer this document to get details on the Database Schema.