Totara has a number of APIs available, each with its own specific purpose:
Recommended API to use for external interactions between Totara and other systems. Available in Totara 17+.
Using the External GraphQL API | Developing for the External GraphQL API
Using the AJAX GraphQL API | Developing for the AJAX GraphQL API
Designed to be used exclusively by Totara's official mobile application (Totara Mobile). Available in Totara 13+.
Using the Mobile GraphQL API | Developing for the Mobile GraphQL API
This API is not recommended, but does currently provide external access to a number of services not yet available via the GraphQL APIs. Available in all versions but now deprecated.
Using legacy web services | Developing legacy web services for Totara
The table below summarises the options and their differences in more detail.
Preferred external API, undergoing active development
Introspection via API setting
Used by developers wanting to integrate with Totara.
Implemented by Totara and partner developers wanting to extend Totara's core APIs.
Persisted queries only
Used by front-end developers writing Totara TUI components.
Implemented by Totara and partner developers wanting to extend Totara's core TUI functionality.
Session ID via web cookie + CSRF token
Also supports some unauthenticated 'nosession' requests
Used by the Totara mobile app.
Implemented by Totara and partner developers wanting to extend Totara's mobile app.
Provides access to the schema of all endpoint types.
Deprecated - not recommended for use going forward.