Overview

OpenApply offers applications the ability to issue authenticated requests on behalf of the application. Authentication uses the "Client Credentials Grant" flow of the OAuth2 specification.

Setup and configuration

To use v3 of OpenApply's API, credentials for Oauth API(v3) need to be created via Settings -> Integrations -> Public API. The credentials can be obtained from there, and comprise of the Client ID and Client Secret. These credentials are submitted to the oauth endpoint, which responds with a bearer token, which is then passed onto every subsequent call.

Follow the steps below:

Login to your account on https://subdomain.openapply.com/users/sign_in
Navigate to the Settings and open the Public API page for which you would like to add new application. You'll find your Client ID, Client Secret
The host name is dependent on region:
- Canada: https://school.openapply.com
- China: https://school.openapply.cn
- Europe: https://school.openapply.eu

Authentication flow

Please see the page below for more details

Best practice is to request a new bearer token each time an integration flow is launched. It is fetched by providing the Client ID and secret from the API manager, and making the following POST request to the /oauth/token endpoint

cURL -u '<Client ID>:<Client Secret>' \
  --data 'grant_type=client_credentials' \
  'https://subdomain.openapply.com/oauth/token'

Response includes the bearer token:

{
    "access_token": "a7be…3a1d3",
    "token_type": "Bearer",
    "expires_in": 2629745,
    "created_at": 1588183754
}

Use this access_token as the value for the Authorization header with "Bearer " prefix:

cURL -H "Authorization: Bearer ACCESS_TOKEN"  https://subdomain.openapply/api/v3/students

Note that the Bearer Token expires after 30 days, and is subject to change. Bearer tokens from invalidated credentials will remain valid until the 30 days is expired.

Last updated 3 months ago

Was this helpful?