Flow does not provide a public API for unauthenticated access. All API calls must be authenticated either by an in-browser logged in session or API key.
Note: To use the interactive Swagger documentation for the Customer API endpoints, you must use an in-browser logged in session to Flow. To use the interactive Swagger documentation for any metrics API endpoints, you must use an API key.
The Flow API uses OAuth authentication. This means that instead of supplying your Pluralsight credentials to a third-party tool to authenticate your identity, which is a serious security concern, you provide an encrypted string called an API key. The API key is a unique encrypted string that Flow uses to identify and authenticates users
Tip: Instead of assigning an API key to individual users, Flow recommends that you create an API service account and assign an API key to that account. You would then supply that key when interacting with a REST client or application. See Service accounts in Flow for a step-by-step guide for creating a service account.
Permissions
You need the Manage API Keys permissions to create or delete API keys.
Create an API key
To create an API key:
- Select Settings then click API keys from the menu.
- Click the Create API key button on the User API Keys panel. You can only create an API key for yourself.
- A modal will pop up displaying your API key. Copy the API key from the modal. Once you close the modal, you will be unable to view the key again.
- Click Save and close. You’ll see the below banner stating your API key was created.
Note: Only one active API key can exist for each user. If you see a message stating that an API key already exists for you, you’ll be prompted to delete your current API key before you can create a new one.
Delete an API key
Important: Deleting your API key is a permanent action and cannot be reversed.
To delete an API key:
- Select Settings then click API Keys from the menu.
- If you have an existing API key, you’ll see a row with your information on it. The right column displays the option for you to delete your API key.
- Click Delete.
- A modal will pop up prompting you to confirm your deletion. Click Delete API.
Authenticate in a client
Before calling the API from your client, you must authenticate the call by passing in the API key using the header, as shown in the below image of the Postman client:
- Click the Authorization tab.
- Select Bearer Token from the type drop-down list.
- Paste your Flow API key in the Token field.
- Enter your request URL
Authenticating in cURL
Here is an example cURL request. You can see the proper header structure (‘Authorization: Bearer token’).
curl -X GET --header 'Accept: application/json' --header 'Authorization: Bearer <your_token_goes_here>' 'https://flow.pluralsight.com/v3/customer/core/users/?limit=3'