Authentication

Learn REST API is secured by Basic Authentication. A Learn instance comes with a generic API user account. Obtain the username and password from Learn administrator, and share the login credentials with your implementation team.

Authentication to the API may be performed against any resource. Provide your login credentials as a Base64-encoded username:password using this pattern: Basic .*. An access token is generated and returned in response header if authentication for the provided credentials is successful. Otherwise, an HTTP 401 Unauthorized status is returned.

Request without Authorization or X-Learn-Access-Token header will also fail with an HTTP 401 Unauthorized status code. Use of access token is optional, but recommended. An access token validity is determined by expiration model and timeout values which can be modified by logging appropriate Service Request. By default, the token uses a 'Sliding' expiration model, and the timeout is set to 30 minutes. Other available expiration models include: None (token never expires) and Absolute (token expires at a specific time and it's validity can't be extended).