Inspera Assessment API

v1.1 

This document provides general documentation on the Inspera APIs and a quick user guide on getting started. If you have any questions, requests or need any assistance, feel free to get in touch via api@inspera.no or your dedicated contact.

Are you looking for general information on integrations with Inspera Assessment? If so, take a look at APIs and Integrations.


General information

The Inspera Assessment API is a set of open REST APIs allowing external systems to access a subset of Inspera Assessment functionality using Inspera Assessment user privileges. The functionality provided will include creating and updating tests, assigning and removing learners and contributors from tests, exporting results and responses after grading, as well as user management. 

We develop and update and add new APIs continuously. All changes and additions to existing APIs, as well as new developed APIs and API roadmap plans are announced through Inspera's release notes. Please see our product site to learn about how to subscribe to release notes here: https://support.inspera.com/hc/en-us/articles/360038889831-Product-updates-release-notes-2020

Inspera APIs in customer landscape

Illustration of how APIs fit into customer system landscape (APIs and integration in general are presented as blue blocks)

Inspera's APIs are build as groups of APIs, depending on the functions and modules in Inspera Assessment they touch upon:

  • Candidate API group (handle export of learner submissions and results export)

    • Export of learners submissions (PDF)

    • Export of learners results (JSON)

  • Test API group (APIs to transfer test events to Inspera Assessment)

    • Create or update tests

    • Assign or remove learners and contributors

    • Export of test materials (PDF / QTI)

    • Export of test metadata

    • Register or redraw appeals

    • Set or change test settings New

    • Register or export explanations

    • Search tests based on criteria

  •  Users API group (transfer users from external systems to Inspera Assessment)

    • Create, update or delete administrative users

    • Create or update learners (students)

    • Search for users

    • Export user information

We also provide set of Webhooks and events to make  machine - to - machine integrations possible. Inspera provides a set of events that systems can subscribe to and act accordingly to make workflows between systems possible. We update and add new events continuously, full overview over available events can be obtained from GET action on the following: https://ia.inspera.no/apidoc/#/webhooks_(beta)/listAllSubscriptions


Getting started

First steps

To get started, you will need a user in Inspera Assessment, with Administrator privileges. From the user profile interface, you will then be able to access the API key details for either yourself or other Inspera users in your organization. These authorization details will include an API key (authorization code). In addition to this code,  client id is needed to be able to send API call to obtain authentication token. This will be explained later in this document.

The API key will be accessible only once and if a user loses or forgets their API key, any administrator for your organization will be able to revoke that user's access and generate a new code for them.



Important note!

Generating API keys can only be done by users that have the User Admin role.

Calls made with a given API key will follow the same privileges as the linked user account has. The same goes for webhook notifications. We strongly recommend creating dedicated Integration users on your Inspera Assessment tenant, and use API keys from these users for integration API calls. This is to make the integration independent of personal user accounts.



Where is API key in Inspera Assessment user interface?

Open "User administration" from Inspera Assessment main page and search for user you want to generate key for. The following will appear on the screen:

How to obtain client_ID?

"client_ID" is a parameter needed for the correct access token to be generated. This value is, in most cases, host-part of the domain of your Inspera Assessment url. For instance, if your Inspera URL is https://test.inspera.com/ , clientID will be "test".  However, this may not be the case for all clients, in which case, please contact us at api@inspera.com.

Once a user has their authorization code and have obtained client id, they will be able to start using the APIs.

Update release December 2020:

ClientID is now visible in Inspera Assessment together with API key generation field:

Authentication and access tokens

An authentication code and client id are not directly used to access the APIs - a user will first have to call the Authenticate API (see below) and acquire a short-lived access token. All of the actual API calls will then be made using this token. Once a token expires, users will need to acquire a new one, using either the original authentication code, or using a refresh token provided by the Authenticate API (refresh tokens are not implemented at the moment).


Making API calls

The APIs listed below are available via HTTPS requests (see the specific API documentation for details).



To obtain access token, call should be made in the following format:

curl -d "" -H "code:<your user API authorization code>" "https://<your inspera domain>/api/authenticate/token/ ?grant_type=authorization_code&client_id=<your client_id>"



All the APIs assume a base url in the following format:

https://<your inspera domain>/api 

In this table you will find key values for API authentication:



Value



Value

URL

/api/authenticate/token/

Method

POST

URL Parameters:

*required



grant_type*

authorization_code

code*

(string)

client_id*

(string), please see above for more details on how to obtain this information)

Data Parameters:

(required for POST)



Content-Type

application/x-www-form-urlencoded

Responses:



200

Success

Returns: 

{
    "access_token": string,
    "expires_in": integer
}

400

Error: Bad request

Returns:

{

    "error": [OAuth2Exception]

}

401

Error: Unauthorized

Returns:

{

    "error": "invalid_grant"

}

409

Error: Conflict

Returns:

{

    "error": "Multiple tokens for user",

    "description": "Please contact inspera support"

}

500

Error: Internal server error

Returns:

{

    "error": "Internal error authenticating user",

    "description": "Please contact inspera support"

}

501

Error: not implemented


Sample scenario using command line tools to authenticate and get test results

Below we go through using the API from the command line, assuming the curl tool is installed. Since all messages are in JSON, jq is also very handy and will give you color coding and easy data extraction when working from the command line or in shell scripts.

This scenario is not covering all details - please see the actual API documentation for the specifics on the formats of the requests and responses.

Sample

Required data used in this sample

Field

Value

Field

Value

User authorization code (from Inspera user administration)

123456-7890-abcd-efgh

Inspera domain

demo.inspera.no

client_id

demo



Step 1: authenticate and obtain access token

1 curl -d "" -H "code:123456-7890-abcd-efgh" "https://demo.inspera.no/api/authenticate/token/ ?grant_type=authorization_code&client_id=demo" # (the space before ? is to prevent confluence to escape the remainder of the url - don't include it when you make the call yourself)

Note:

The option -d "" makes curl send a POST request with empty body and content type application/x-www-form-urlencoded, which the authentication API requires.

This will, if successful, return a JSON containing an access bearer token (in this example: "xyz-abcd-efg" and a lifetime in seconds)

The response will look like:

1 2 3 4 { "access_token": "xyz-abcd-efg", "expires_in": 3600 }



Step 2: Send API call

Example 1:

In this example, API call is made to get test metadata for test with testID=12312312 using this API https://ia.inspera.no/apidoc/#/test/getTestMetadata

1 curl -H "Authorization: bearer xyz-abcd-efg" https://demo.inspera.no/api/v1/test/12312312

Or, if we wanted to keep the access token from the command line, we can use jq to just store it as an environment variable and reuse it:

1 2 3 auth_response=$(curl -d "" -H "code:123456-7890-abcd-efgh" "https://demo.inspera.no/api/authenticate/token/ ?grant_type=authorization_code&client_id=demo") # (the space before ? is to prevent confluence to escape the remainder of the url - don't include it when you make the call) token=$( jq -r '.access_token' <<< "${auth_response}" ) curl -H "Authorization: bearer ${token}" https://demo.inspera.no/api/v1/test/12312312



Example 2:

In this example, API call is made to export results for a learner on a given test using this API: https://ia.inspera.no/apidoc/#/candidates/getCandidateResult

test_id= 12312312

user_id=987654

1 curl -H "Authorization: bearer xyz-abcd-efg" https://demo.inspera.no/api/v1/candidates/result/12312312/987654

Since this API can fetch a significant amount of data, it will, instead of immediate results, return a callback url:

1 https://demo.inspera.no/api/v1/candidates/results/12312312/987654

Performing a get for this will return either the status of the export, or, once it's done (usually under 5s), a short-lived url for downloading the JSON of the export.

1 curl -H "Authorization: bearer xyz-abcd-efg" https://demo.inspera.no/api/v1/candidates/results/12312312/987654

Finally, the admin user can take the provided url and download and use the export of the test results.



Code Example

See Code Example.