The Brightspace API provides developers with two Authentication approaches: OAuth 2.0 and our own proprietary Id Key Auth. This Authentication Guide focuses on OAuth 2.0. Please note that we encourage you to use the OAuth 2.0 standard as that is where we at D2L are investing.
OAuth 2.0
OAuth 2.0 is an open standard authentication framework that provides multiple authentication flows, including the three-legged OAuth flow. It allows developers to write applications that access different services on behalf of a user.
Because of its alignment with standards OAuth 2.0 is our recommended authentication approach.
Workflow
To use OAuth 2.0 with the Brightspace API follow these steps:
1. In Brightspace’s Manage Extensibility Tool create an OAuth 2.0 App.
2. For a Brightspace User, request your Initial Access and Refresh Tokens:
3. Use the Access Token in the header of your Brightspace API Requests. You can use this Access Token until it expires.
4. Use the Refresh Token to get a new Access Token (and a new Refresh Token). This can be done when your current Access Token expires, or prior to the Access Token expiring:
Resources
Documentation
OAuth 2.0 Guide
OAuth 2.0 Scopes Table
Developer Community Articles
How To Get Started With OAuth 2.0
How To Obtain An OAuth 2.0 Refresh Token
Brightspace Data Sets - Headless (Non-Interactive) Client Example
Getting Started With OAuth 2.0 Scopes - FAQ
GitHub
Postman Collections
- Specifically GetInitialToken and WhoAmI
oauth2.0-client-example
bds-headless-client-example
