The CAS API requires an OAuth 2-compliant identity token to call any endpoint. Typically the first API call your integration application makes to the CAS API is an identity token. These tokens are valid for one hour. After expiration, use the refreshToken endpoint to obtain a new token. Always send the ID token via the Authorization HTTP header.
Your integration application must refresh the identity token on an hourly basis; otherwise, your API calls will be refused with an "unauthorized" error message.
The OAuth 2 identity token also includes what data you can access. The CAS API currently supports two types of users:
Note that an API key is required to access the CAS API. Keys are issued at onboarding and must be included with all requests in the x-api-key HTTP header.
Access to the CAS API is provided upon request by your campus's Institution Manager. The Institution Manager should contact Liaison's Client Support Specialist team to request access. When requesting access, please provide the following information:
*Prelaunch is the staging environment where you can create your own test cases. Production is the live environment. See more information about CAS environments.
Liaison will then create an account for you with a default password, which you can change afterward. Since the password reset email is sent to the email address you provide, Liaison recommends using an email address account that you can check for these emails.
You can test the CAS API using one of the following API client tools or our sample code. You must have an active CAS API account first before testing.
We also offer screenshots and sample code for using Postman and cURL. Note that the screenshots included may differ from your view. If you have any questions about using Postman and cURL, contact those companies directly.