Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space TDDM and version 1

The External GraphQL API is recommended when connecting an external system to or from Totara. See Available APIs for a summary of the other APIs we offer and their uses.


Registering a client is explained in more detail in the Totara user documentation.


Note that system-level API clients cannot be accessed by tenant users, even if tenant isolation is disabled. This is to prevent possible privilege escalation.

Step 2: Request a token

To programmatically request a token, call the OAuth 2.0 token endpoint as follows, passing the client_id and client_secret obtained during step 1:


Step 3: Submit a request with a valid token

Copy the value from the "access_token" property in the response into the Authorization: Bearer header of your request. See below for how to structure an API request.

Endpoint location

All requests to the external API are made through a single endpoint: