API Documentation
  • 04 Sep 2020
  • 1 Minute To Read
  • Print
  • Share
  • Dark
    Light

API Documentation

  • Print
  • Share
  • Dark
    Light

Microsoft Community Training platform exposes its APIs for integration with another service or application. You can use the APIs to automate flows and build new capabilities on top of the out-of-the-box features part of the training platform.

In this article, you will learn more about the API signatures and their authentication flows in respective sections.

API Signatures

To access the Rest API signatures for the APIs exposed by the Microsoft Community Training platform, a user can open the following JSON file in Swagger Editor.

MCT API Documentation.json

API Authentication

A user can authenticate for using the Microsoft Community Training APIs by either of the following methods.

Method 1 : Service to Service Authentication

To obtain the access token programmatically, follow this document for service to service authentication.

Method 2 : Authentication via Tokens

To obtain the access token manually (for testing purposes), follow these steps,

  1. Login into the your Microsoft Community Training instance using your existing credentials

  2. Call the URL https://{your-MCT-portal-domain}/ExternalAuthentication/Login after login from any browser
    For example: To get token for mctdemo2.azurewebsites.net instance, we can call mctdemo2.azurewebsites.net/ExternalAuthentication/Login once the user has logged in.

  3. On the page URL, you will find two tokens, AccessToken and RefreshToken

Note

Tokens are issued for a specific user and are generated interactively, i.e. a user login page comes up first. If the user is an admin on the platform, that user’s token can be used to call admin APIs.

  1. Use the AccessToken to call the Rest APIs (Ex. bearer AccessToken)
Sample CURL Command
curl --location --request GET 'https://contoso.azurewebsites.net/api/v2/Profile' \--header 'Authorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ilg1ZVhrNHh5b2pORnVtMWtsMll0djhkbE5QNC1jNTdkTzZRR1RWQndhTmsifQ.eyJpc3MiOiJodHRwczovL21lcmNhZG9jbHAuYjJjbG9naW4uY29tLzMxYjcwYzA3LTljM2ItNDcxZC05MDE4LWI5MDJhNWU2ZTU3Ny92Mi4wLyIsImV4cCI6MTU5NDIwNjE1MSwibmJmIjoxNTk0MjAyNTUxLCJhdWQiOiIxOTQ5YWE3NS1kYjI2LTQ0Y2UtOTU4My00OTNkYTE3NDRlMDkiLCJuYW1lIjoiTklLRVNIIEpPU0hJIiwiaWRwIjoiZ29vZ2xlLmNvbSIsInN1YiI6IjVlMmVlZWNhLTg4Y2ItNGNiOS05ZmI2LTU2MWI4YWNmMmQ1YSIsImpvYlRpdGxlIjoiU0UiLCJlbWFpbHMiOlsibmlrZXNoam9zaGkyMDAxQGdtYWlsLmNvbSJdLCJ0ZnAiOiJCMkNfMV9zaWdudXBzaWduaW4xIiwiYXpwIjoiMTk0OWFhNzUtZGIyNi00NGNlLTk1ODMtNDkzZGExNzQ0ZTA5IiwidmVyIjoiMS4wIiwiaWF0IjoxNTk0MjAyNTUxfQ.Z0wLIlzHIS0A1McQHeKsWmzCVDMOJSVcCmFzWLa99b0YPS7aTyJEIp5lWd9sINtjJRiSmxcAtQP1IOgX3RhuDNRJ6GDib7EMNxi6234HBEB_wsrQ9FDkr3dbLkkU09zP5f4GjBKliuRpiIqX6ukne8InHOgy9ZuJbw43BbiMkj4S1Y5rZlABRgw1ncHGW0x8AE4DB6d9P8Yb9l6R_4NF2tmLp_vlzXQLRAqEI5IlXIDVyNIEWrEwdDvtjXJ_CtiQL7dxHuzDHbzY1NB_lV4KcjXPtdPukr1K9p6D1WoIe4aytJ_4IzG_nJjH-pM_vzxZ4Syift1i0qXra6clRdB2lQ'
  1. Once the AccessToken expires, use the RefreshToken to get a new AccessToken
API signature to get AccessToken using RefreshToken
POST <websiteUrl>/api/v1/ExternalAuthToken/RefreshToken/{identityProvider}
 
{identityprovider} = PHONE/EMAIL/AZUREAD
 
Body:
{
"RefreshToken":"<Token>"
}
Tips

"Refresh Token" can be used to increase the validity of the AccessToken. The expiration date of RefreshToken will depend on the authentication type of the platform instance.

Once the RefreshToken expires, user will need to login to the instance explicitly to get new AccessToken and RefreshToken (unless you are using S2S authentication).

Typically, AccessToken is valid for 24 hours and RefreshToken is valid for 90 days.

Database Schema

Refer this document to get details on the Database Schema.

Was This Article Helpful?