API and Webhooks

Authentication

Authenticating API v2 calls with JWT
You can use Higher Logic Vanilla's JWT addon to authenticate against the API v2, in addition to the normal web SSO flow. What is a JWT? JWT stands for JSON Web Token. JSON Web Tokens are an open, industry-standard RFC 7519 method for representing claims securely between two parties. In order to use this authentication, you…
Authenticating API v2 calls with Role Tokens
In Higher Logic Vanilla (Vanilla), Role tokens are an authorization mechanism that are valid on only the following endpoints of Vanilla's API. GET /api/v2/users/:userID GET /api/v2/subcommunities GET /api/v2/products What is a Role token? A Role token is a signed JSON Web Token (JWT) with claims about a set of Roles. These…
Authenticating APIv2 calls with Personal Access Tokens
The APIv2 supports two means of authentication, and both require an access token. HTTP header To authenticate with the HTTP header, pass the access token in the Authorization field with the bearer scheme. Authorization: Bearer <your_jwt_token> ✔️ TIP: This is the preferred way of authenticating against the API because…
Authenticate API v2 Calls as Another User (Spoofing)
When doing server-to-server API integrations, you may want to make API calls on behalf of another user. In Higher Logic Vanilla (Vanilla), you can do this by spoofing as another user, as described in this article. 📝 NOTE: The spoofing feature is enabled by default in all Vanilla accounts. API calls and spoofing You can…