Flow does not provide a public API for unauthenticated access. All API calls must be authenticated either by an in-browser logged in session or API key.
Note: To use the interactive Swagger documentation for the Customer API endpoints, you must use an in-browser logged in session to Flow. To use the interactive Swagger documentation for any other API endpoints, you must use an API key.
The Flow API uses OAuth authentication. Instead of supplying your Pluralsight credentials to a third-party tool to authenticate your identity, you provide an encrypted string called an API key. The API key is a unique encrypted string that Flow uses to identify and authenticates users
Tip: Instead of assigning an API key to individual users, create an API service account and assign an API key to that account. Supply that key when interacting with a REST client or application. See Service accounts in Flow for a step-by-step guide for creating a service account.
Permissions
You must have the Manage API Keys permissions to create or delete API keys.
Create an API key
To create an API key:
- Click Settings then click API keys.
- Click the Create API key button. You can only create an API key for yourself.
- A modal will pop up displaying your API key. Copy the API key from the modal. Once you close the modal, you can't view the key again.
- Click Save and close. You’ll see the below banner stating your API key was created.
Note: Only one active API key can exist for each user. If you see a message stating that an API key already exists for you, delete your current API key before you can create a new one.
Delete API keys
Important: Deleting your API key is a permanent action and cannot be reversed.
To delete an API key:
- Click Settings then click API Keys.
- If a user has an existing API key, you’ll see a row with the user's name and email. Click the checkbox next to the name of all users whose keys you want to delete.
- Click Delete.
- A modal will pop up prompting you to confirm your deletion. Click Delete key.
Authenticate in a client
Before calling the API from your client, you must authenticate the call by passing in the API key using the header. Using a Postman client as an example:
- Click the Authorization tab.
- Select Bearer Token from the type drop-down list.
- Paste your Flow API key in the Token field.
- Enter your request URL
Authenticating in cURL
Here is an example cURL request. You can see the proper header structure ‘Authorization:
Bearer <token>’
.
curl -X GET --header 'Accept: application/json' --header 'Authorization: Bearer <your_token_goes_here>' 'https://flow.pluralsight.com/v3/customer/core/users/?limit=3'