Badgekit User API

In the BadgeKit app, the settings section allows you to manage user accounts for issuing personnel. BadgeKit users may also be added and removed (or have their permissions modified) via API calls. Note that these calls are not to BadgeKit API, but to BadgeKit itself.

The endpoints are:

• POST /api/user
• DELETE /api/user

Expected request

Requests should be sent as application/json.

HTTP/1.1

Content-Type: application/json

{
  "auth": (encoded JWT, see below),
  "email": "edogg@example.org",
  "context": { "system": "SystemSlug", "issuer": "IssuerSlug", "program": "ProgramSlug" },
  "permissions": { "canDraft": true, "canPublish": false, "canReview": true }
}

Notes:

• issuer and program within context are optional (these are admin levels you can use in BadgeKit)
• If a permission type is omitted, it defaults to false
• permissions is not required (and has no effect if included) for DELETE requests.

Authentication

The auth parameter of the request should be encoded as a JWT token using the BadgeKit User API's secret (note that this is NOT the same as BadgeKit API's secrets). Supported algorithms are HS256, HS384, HS512 and RS256. The decoded JWT should be structured as follows:

{
  "prn": {
    "email": "edogg@example.org",
    "context": { "system": "SystemSlug", "issuer": "IssuerSlug", "program": "ProgramSlug" },
    "permissions": { "canDraft": true, "canPublish": false, "canReview": true }
  },
  "method": "POST",
  "exp": 1400819380,
  "typ": "JWT"
}

If you're using a self-hosted instance of BadgeKit, you can configure your User API secret during installation. If you're using the Mozilla-hosted version of BadgeKit and want to access the User API, get in touch and we'll give you the information you need!