Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Totara has a number of APIs available, each with its own specific purpose:

...

APIDescriptionStatusAvailabilityTechnologyTarget audienceEndpoint locationAuthentication mechanismNotes
'External' APIModern, fully-featured API

Preferred external API, undergoing active development

TXP17+

GraphQL

Client-defined queries

Introspection via API setting

Used by developers wanting to integrate with Totara.

Implemented by Totara and partner developers wanting to extend Totara's core APIs.

/api/graphql.phpOAuth 2.0 access tokenCurrently has limited available services but these will grow over time.
AJAX APIUsed by Totara's client-side Javascript to obtain data from back-end serverPreferred internal APITXP13+

GraphQL

Persisted queries only

No introspection

Used by front-end developers writing Totara TUI components.

Implemented by Totara and partner developers wanting to extend Totara's core TUI functionality.

/totara/webapi/ajax.php

Session ID via web cookie + CSRF token

Also supports some unauthenticated 'nosession' requests

Not suitable for external access due to web cookie authentication.
Mobile APIUsed by Totara's official mobile app to obtain data from back-end serverPreferred API for mobile developmentTXP13+

GraphQL

Persisted queries only

No introspection

Used by the Totara mobile app.

Implemented by Totara and partner developers wanting to extend Totara's mobile app.

/totara/mobile/api.phpAPI key passed in request header
Developer APIUsed by developers while developing code for TotaraOptional API for use by developersTXP13+

GraphQL

Client-defined queries

Introspection available

Developers during code development process./totara/webapi/dev_graphql_executor.phpSession ID via web cookie or header

Provides access to the schema of all endpoint types.

Legacy web servicesHistoric API, built as part of Moodle. Does not implement services for Totara-specific functionality.

Deprecated - not recommended for use going forwardWe do not recommend using where there is an 'External' API for the same service.

We intend to deprecate and remove the legacy web services when the 'External' API has similar service coverage.

All versionsREST XML-RPC/SOAPNot recommended.

/webservice/rest/server.php

/webservice/xmlrpc/server.php

/webservice/soap/server.php

Custom tokenLimited extensibility and token security.

...