Skip to main content

Getting Access to the CAS API

CAS API Security

The CAS API requires an OAuth 2-compliant identity token to call any endpoint. Typically the first API call your integration application makes to the CAS API is an identity token. These tokens are valid for one hour. Your integration application must refresh the identity token on an hourly basis; otherwise, your API calls will be refused with an "unauthorized" error message.

The OAuth 2 identity token also includes what data you can access. The CAS API currently supports two types of users:

  • Association user: this user can view any institution that participates in a CAS and all applicants and applications.
  • Organization user: this user can only view the applicants and applications for their specific institution.

Requesting a CAS API Account

Access to the CAS API is provided upon request by your campus's Institution Manager. The Institution Manager should contact Liaison's Client Support Specialist team to request access. When requesting access, please provide the following information:

  • Institution Manager's name and email address
  • Name of the user to receive CAS API access
  • The name of your institution (university/college/school/etc.)
  • The CAS, one or many, that you're interested in (e.g., BusinessCAS)
  • The CAS admissions cycles you're interested in (e.g., 2023-2024 and 2024-2025)
  • The CAS API user's phone number
  • The CAS API user's email address (we recommend using a shared email account so that it isn't tied to an individual)

Liaison will then create an account for you with a default password, which you can change afterward. Since the password reset email is sent to the email address you provide, Liaison recommends using an email address account that you can check for these emails.

In addition, if your institution has multiple integration projects, then each CAS API account must have a unique email address. Creating separate API accounts for each integration application is a security best practice and is strongly recommended.

Testing the CAS API

You can test the CAS API using one of the following API client tools or sample codes from You must have an active CAS API account first before testing.

We also offer screenshots and sample code for using Postman and cURL. Note that the screenshots included may differ from your view. If you have any questions about using Postman and cURL, contact those companies directly.

  • Was this article helpful?