To get access to the API, it is required to use an API key. An administrator of the learning environment (who also has the tenant role) can create an API key by going to Settings. There, they can click Manage API Keys to create one or multiple API keys.

The API key needs to be kept secure. Be careful who you send it to and don't place it anywhere in JavaScript code that the browser will load. The API is not supposed to be called from the client side.

The API key can potentially give someone access to all user data in your learning environment.

If the API key gets compromised, please contact us as soon as possible. We can delete the API key so it can't be used any more and then provide you with a different one.

For further security measures we have the possibility to use two kinds of whitelists per API key:

  • Whitelisting by IP address. This way the API can only be called with this API key from servers with an IP address in the whitelist.
  • Whitelisting by API call. This way only specific API calls can be used with this API key. For example, if only addUser is whitelisted, the API key will only give access to this call and any other call will result in an error.

If you want to set up whitelisting for an API key, please contact our Support Heroes via support@anewspring.com.


The next article explains how to call the API and also how to include the API key:

API - Calling the API and the output format