• Address: London, Ontario
  • Email Address: email@certboost.xyz
Prueba gratuita
Have any Questions? +1 431 340 7936

API Reference

Developer Docs / API Reference

REST API Reference

CertBoost LMS REST API v1 — endpoints, authentication, request/response schemas, and ready-to-copy code samples in cURL, Node.js, Python, C#, and PowerShell.

API Key Auth REST v1 <80ms p95 99.99% Uptime

Authentication

Every request must include a valid API key in one of three ways:

  • Header (preferred): X-CertBoost-Key: <your-key>
  • Bearer token: Authorization: Bearer <your-key>
  • Query string: ?api_key=<your-key>

Master Key

Configured in appsettings.json under LmsApi:MasterKey. Has "Admin" permission across all users. Use only from trusted backends. Rotate before production.

User-Scoped Keys

Created from /Authorized/Settings -> API Keys. Each key has Permission (ReadOnly | ReadWrite | Admin), IsActive, and LastUsedAt. Can only access the key owner's /users/{userId}/progress.

Auth Failure Codes

  • 401 — key missing, unknown, expired, or inactive
  • 403 — key valid but lacks required permission
  • 429 — rate limit exceeded (future)

Endpoint Summary

MethodPathPermissionDescription
GET/api/lms/v1ReadOnlyAPI metadata
GET/api/lms/v1/categoriesReadOnlyList certifications
GET/api/lms/v1/users/{id}/progressReadOnlyUser stats
POST/api/lms/v1/assignmentsReadWriteNew assignment
GET/api/lms/v1/webhooksReadOnlyList hooks
POST/api/lms/v1/webhooksReadWriteRegister
DELETE/api/lms/v1/webhooks/{id}ReadWriteRemove
POST/api/lms/v1/webhooks/{id}/testReadWriteTest ping

GET /api/lms/v1 — Directory

Returns metadata describing the API.

Request
curl -H "X-CertBoost-Key: " https://certboost.xyz/api/lms/v1
Response 200
{
  "service": "CertBoost LMS API",
  "version": "v1",
  "docs": "https://certboost.xyz/api/lms/v1/docs",
  "endpoints": [ ... ]
}

GET /api/lms/v1/categories

Lists every certification category. Query params: search (substring match), includeOff (bool).

Request
curl -H "X-CertBoost-Key: " \
     "https://certboost.xyz/api/lms/v1/categories?search=aws"
Response 200
[
  {
    "categoryId": 1,
    "name": "AWS Certified Solutions Architect",
    "code": "AWS-ARCH",
    "description": "Validates expertise in designing...",
    "questionCount": 420,
    "isActive": true
  }
]

GET /api/lms/v1/users/{userId}/progress

Returns a user's complete progress snapshot: every attempt plus per-category averages. Query params: recent (int), fromUtc (ISO).

Permission: Master key -> any userId. User-scoped key -> only the key owner's userId (else 403).

Request
curl -H "X-CertBoost-Key: " \
     "https://certboost.xyz/api/lms/v1/users/60a1...e8/progress?recent=25"
Response 200
{
  "userId": "60a1...e8",
  "fullName": "Jane Doe",
  "email": "jane@acme.com",
  "attempts": [ { "attemptId":"66b0...","categoryId":42,"categoryName":"Azure Fundamentals","correct":18,"total":20,"percent":90.0,"source":"simulation-exam" } ],
  "categoryAverages": [ { "categoryId":42,"categoryName":"Azure Fundamentals","attempts":4,"averagePercent":78.5 } ]
}

POST /api/lms/v1/assignments

Creates a quiz assignment for a user. Also fires the assignment.created webhook.

Request
curl -X POST https://certboost.xyz/api/lms/v1/assignments \
     -H "X-CertBoost-Key: " \
     -H "Content-Type: application/json" \
     -d '{"userId":"60a1...e8","categoryId":42,"dueAt":"2026-05-01T00:00:00Z","note":"AWS SAA prep"}'
Response 201
{
  "assignmentId": "aA7...",
  "userId": "60a1...e8",
  "categoryId": 42,
  "dueAt": "2026-05-01T00:00:00Z",
  "createdAt": "2026-04-19T23:45:11Z",
  "launchUrl": "https://certboost.xyz/Learning/Assignment/aA7..."
}

Integration tip: Deep-link the user into CertBoost by opening launchUrl in an iframe or new tab.

Webhooks API

Manage webhook subscriptions via the REST API. See the Webhooks Guide for full event details.

  • GET /api/lms/v1/webhooks — list your subscriptions
  • POST /api/lms/v1/webhooks — register a new webhook
  • DELETE /api/lms/v1/webhooks/{id} — remove a subscription
  • POST /api/lms/v1/webhooks/{id}/test — send a test event

Error Handling

All non-2xx responses return a JSON body with a single error string:

JSON
{ "error": "Invalid or inactive API key." }
  • 400 Bad Request — malformed JSON, missing required field
  • 401 Unauthorized — missing / invalid key
  • 403 Forbidden — key valid but lacks required permission
  • 404 Not Found — unknown userId, categoryId, or webhook id
  • 409 Conflict — duplicate webhook URL for the same event set
  • 500 Internal — unexpected server error

Code Examples

Node.js (axios)

javascript
const axios = require('axios');
const api = axios.create({
  baseURL: 'https://certboost.xyz/api/lms/v1',
  headers: { 'X-CertBoost-Key': process.env.CB_KEY }
});
const { data: cats } = await api.get('/categories', { params:{search:'aws'} });
const { data: progress } = await api.get(\/users/\/progress?recent=10\);
const { data: asn } = await api.post('/assignments', {
  userId, categoryId: 42, dueAt: '2026-05-01T00:00:00Z'
});
console.log('Launch URL:', asn.launchUrl);

Python (requests)

python
import os, requests
KEY = os.environ["CB_KEY"]
BASE = "https://certboost.xyz/api/lms/v1"
H = { "X-CertBoost-Key": KEY, "Content-Type": "application/json" }
cats = requests.get(f"{BASE}/categories", headers=H).json()
prog = requests.get(f"{BASE}/users/{user_id}/progress", headers=H).json()
new  = requests.post(f"{BASE}/assignments", headers=H,
                       json={"userId": user_id, "categoryId": 42}).json()

PowerShell

powershell
$H = @{ "X-CertBoost-Key" = $env:CB_KEY }
Invoke-RestMethod -Headers $H `
  -Uri "https://certboost.xyz/api/lms/v1/categories"
Professional Services

Need help integrating the API?

Our team builds custom LMS connectors, SSO flows, and managed certification pipelines on top of the CertBoost API — from pilot to production.

Explore Services Contact Sales