The CAS API requires an OAuth 2-compliant identity token to call any endpoint. Typically the first API call your integration application makes to the CAS API is an identity token. These tokens are valid for one hour. Your integration application must refresh the identity token on an hourly basis; otherwise, your API calls will be refused with an "unauthorized" error message.
The OAuth 2 identity token also includes what data you can access. The CAS API currently supports two types of users:
Access to the CAS API is provided upon request by your campus's Institution Manager. The Institution Manager should contact Liaison's Client Support Specialist team to request access. When requesting access, please provide the following information:
Liaison will then create an account for you with a default password, which you can change afterward. Since the password reset email is sent to the email address you provide, Liaison recommends using an email address account that you can check for these emails.
In addition, if your institution has multiple integration projects, then each CAS API account must have a unique email address. Creating separate API accounts for each integration application is a security best practice and is strongly recommended.
You can test the CAS API using one of the following API client tools or sample codes from https://developer.liaisonedu.com. You must have an active CAS API account first before testing.
We also offer screenshots and sample code for using Postman and cURL. Note that the screenshots included may differ from your view. If you have any questions about using Postman and cURL, contact those companies directly.