Tags: Flow

Flow does not provide a public API for unauthenticated access. All API calls must be authenticated either by an in-browser logged in session or API key.

The Flow API uses OAuth authentication. This means that instead of supplying your Pluralsight credentials to a third-party tool to authenticate your identity, which is a serious security concern, you provide an encrypted string called an API key. The API key is a unique encrypted string that Flow uses to identify and authenticates users

Tip: Instead of assigning an API key to individual users, Flow recommends that you create an API service account and assign an API key to that account. You would then supply that key when interacting with a REST client or application. A step-by-step guide for creating a service account is available here.

Create an API key

  1. Select Settings then click API keys from the menu.
  2. Click the Create API key button on the User API Keys panel.  
  3. Select the down arrow to display a list of current users, and enter the name of the user to whom you want to assign the API key.  
  4. Click the Save button. The API key is displayed in the Key column for the user. For security, Flow shows only the last few characters of the key.
  5. Click the API key to copy it to the system’s clipboard.  

back to top

Deactivate an API key

If you want to revoke a user’s access the Flow API, you must deactivate their API key.

  1. Select Settings then click API Keys from the menu.
  2. Select the checkbox of the user whose API key you want to deactivate.
  3. Click the Actions dropdown.
  4. Click Deactivate.

back to top

Authenticate in a client

Before calling the API from your client, you must authenticate the call by passing in the API key using the header, as shown in the below image of the Postman client:

  1. Click the Authorization tab.
  2. Select Bearer Token from the type drop-down list.
  3. Paste your Flow API key in the Token field.
  4. Enter your request URL

Here is an example cURL request.  You can see the proper header structure (‘Authorization: Bearer token’).

back to top

Authenticating in cURL

curl -X GET --header 'Accept: application/json' \ --header 'Authorization: Bearer your_token_goes_here' \ ''

back to top

If you need help, please email for 24/7 assistance.