API and Webhooks - The Success Community

API and Webhooks

API v2 Reference & Endpoints
This document is an up-to-date API reference for all of Vanilla's public API v2 endpoints.
Authenticating API v2 calls with JWT
You can use Higher Logic Vanilla's JWT addon to authenticate against the API v2, in addition to the normal web SSO flow. What is a JWT? JWT stands for JSON Web Token. JSON Web Tokens are an open, industry-standard RFC 7519 method for representing claims securely between two parties. In order to use this authentication, you…
API v2 Overview
Vanilla's API v2 has been rebuilt from the ground up to enable tighter integrations and lower-level access to all of Higher Logic Vanilla's (Vanilla) features using an API-first strategy. The initial release provides feature parity with our API v1. 📝 NOTE: New endpoints will be available as they are completed, so keep an…
Authenticating API v2 calls with Role Tokens
In Higher Logic Vanilla (Vanilla), Role tokens are an authorization mechanism that are valid on only the following endpoints of Vanilla's API. GET /api/v2/users/:userID GET /api/v2/subcommunities GET /api/v2/products What is a Role token? A Role token is a signed JSON Web Token (JWT) with claims about a set of Roles. These…
Authenticating APIv2 calls with Personal Access Tokens
The APIv2 supports two means of authentication, and both require an access token. HTTP header To authenticate with the HTTP header, pass the access token in the Authorization field with the bearer scheme. Authorization: Bearer <your_jwt_token> ✔️ TIP: This is the preferred way of authenticating against the API because…
Analytics API
/analytics/leaderboard GET /api/v2/analytics/leaderboard HTTP/1.1 Host: https://yoursite.vanillaforums.com Retrieve data for a site leaderboard. Authentication: required Parameters Parameter Type Description board string Type of leaderboard start string Start of the time range (ISO 8601) end string End of the time range…
Authenticate API v2 Calls as Another User (Spoofing)
When doing server-to-server API integrations, you may want to make API calls on behalf of another user. In Higher Logic Vanilla (Vanilla), you can do this by spoofing as another user, as described in this article. 📝 NOTE: The spoofing feature is enabled by default in all Vanilla accounts. API calls and spoofing You can…
CORS - Cross-Origin Resource Sharing
Cross-origin resource sharing (CORS) allows pages on other domains to access the API. To use CORS, you’ll have to specifically allowlist each domain you want to grant access; this ensures that no bad actors are calling your API from sites you don’t control. Allowlist domains for CORS Perform the following steps to…
Rate Limits
The API is rate-limited in order to prevent abuse and protect our origins from attack. Rate limiting is performed on a per-IP basis. Exceeding the following rate limits will result in a temporary block, during which the service will respond with HTTP 429 Too Many Requests. The block will lift automatically after 1 minute.…
Date Filters
There are many endpoints that enable you to filter on a date, such as the date that a record was inserted or updated. In these cases, you can filter based on a range of values. Date formats The most simple filter is to specify a date and check for equality. When doing so, use the RFC3339 format. For example: 2018-12-25…