Identity API
In order to consume Cambridge Assessment APIs, Consumers need valid token. This API is used by all Cambridge Assessment Applications which are secured with Token.
home
Sequence Diagram
API returns access token based upon the client credentials. These client credentials can be obtained by going to MyApplications page and then selecting the APP for which you want to get the access token.
We currently support client credential and JWT Token grants type.
Use client credentials as grant type when you want to authenticate your application to consume Cambridge Assessment APIs
User password as grant type when you want to authenticate end user to consume Cambridge Assessment APIs
Note: Client credentials differ between non-production and production environments.
End Point details:
Sandbox Resource URL |
|---|
| https://apis-sandbox.cambridgeassessment.org.uk/pp1/v1/cambridge.id/token |
Prod Resource URL |
|---|
| https://apis.cambridgeassessment.org.uk/v1/cambridge.id/token |
Example curls:
curl --location --request POST 'https://apis.cambridgeassessment.org.uk/v1/cambridge.id/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=356d03dd284XXXXXXXXX' \
--data-urlencode 'client_secret=e14114Da832XXXXXXXXXXXX' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=openid'Sample Response:
{
"refresh_token_expires_in": "0",
"api_product_list": "ca-ielts-result-verification-xapi:v1",
"organization_name": "PROD",
"developer.email": "abcdef@ttt.edu",
"token_type": "Bearer",
"issued_at": "1675861928817",
"client_id": "356d03dd284XXXXXXXXX",
"access_token": "ODc0MTlmMjMtYzQ0Ni00YWJkLWFkZjYtNGEzZmXXXXXXXXXXXXXXXXXXXXXXXXXX==",
"application_name": "0000000-IELTS-ResultVerification-CRM-PROD",
"scope": "",
"expires_in": "3600",
"refresh_count": "0",
"status": "approved"}
Body Parameters
| Name | Values | Description |
|---|---|---|
| grant_type(required) | client_credentials | Oauth grant types. Supported grant types are "client_credentials", "password", "refresh_token" |
| client_id(required) | bu3DMYBs6lA1ugzbTslARXhbyyDLsbkj (example only – non-functional) | Consumer key or Client identifier. Contact support to get your own client credentials |
| client_secret(required) | coz7AIAbFkGybDCC (example only – non-functional) | Consumer secret or Client secret. Contact support to get your own client credentials |
| scope | openid | Scope determines level of resource access. openid is optional scope. Multiple scopes can be send as space separated string, Example: openid cie. Supported scopes are cie, ocr, foh |
| username | Mandatory parameter if grant_type is set as password. Otherwise don't use this parameter | |
| password | Mandatory parameter if grant_type is set as password. Otherwise don't use this parameter | |
| refresh_token | Mandatory parameter if grant_type is set as refresh_token. Otherwise don't use this parameter |
Error Codes
| HTTP Code | Error Code | Error Message |
|---|---|---|
| 400 | 70416 | Message Not Processed: Mandatory Query Parameter is missing. |
| 401 | 70401 | Message Not Processed: Invalid Access token. Please provide valid access token. |
| 401 | 70402 | Message Not Processed: Missing Access token. Please provide valid access token. |
| 401 | 70405 | Message Not Processed: Access token expired. Please try again with valid token. |
| 403 | 70403 | Message Not Processed: Not allowed to access requested resource. Please contact support for the access. |
| 404 | 70404 | Message Not Processed: Requested resource is not found. |
| 500 | 60006 | Message Not Processed. There is some technical error while processing request. Please report this to Support team. |
| 503 | 70503 | Message Not Processed: One or more back-end is down. Please try again later. |
| 504 | 70504 | Message Not Processed: Back-end timed out. Please try again later. |