Bridge API Overview
We appreciate your interest in the Bridge API and would love to hear about the things you build with it. It is available to our customers for use in integrating Bridge with other applications and systems. API endpoints are currently available for resources related to the Learn parts of the Bridge product. We are working on making additional resources available via API. Here are some things to remember as you get started:
API Performance
We currently do not provide any explicit service agreements, but please let our support team know if you are seeing problems with API performance. We continuously monitor the performance and will respond to any issues that are reported as quickly as possible.
Current API Scope
When you generate your API Token in your account, it is based on one of the standard Bridge roles. With the token, you can currently perform any action that can be performed by a user with that role in Bridge. For example, since an Admin can delete users, someone using a token based on the Admin role can delete users using the API. Be careful with your tokens and calls.
So far we have been focused on making the learning related parts of Bridge accessible via API. That means you can use the APIs to manage things like Users, Checkpoints, Courses, Groups, Live Trainings, Programs, Tags, etc. The full list is available in the API Resources section of this documentation.
Feedback and Support
We love feedback. Your comments will make a huge difference in how we shape this API moving forward. If need help it is always available at support@getbridge.com.
Payload Formats
The Bridge API accepts JavaScript Object Notation (JSON) payloads only. All payloads passed must be valid JSON to be accepted. If you are unsure of your JSON, you can use an external validator, such as jsonlint.com. There are many such tools available on the internet. Your calls should generally include the following headers:
Content-Type -> application/json
Accept -> application/json
Response Codes
The most common response codes received are:
200 OKAll good. Process the response.201 CreatedProcess the response.204 No ContentNo additional action.401 UnauthorizedUser not authorized. Try to re-authenticate.403 ForbiddenAction not permitted for user.
Rate Limiting
Each API Token or User has a limit on the cost of requests they make to our API. Our current limit is 300 requests, with 5 available per second. Think of your API requests to Bridge as a bucket that holds 300 calls which refills at a rate of 5 per second. You will max out at 5 calls per second, but Bridge continually adds 5 calls back to the bucket every second. The headers for each response will document the cost of the request and the amount remaining.
E.g.
X-Rate-Limit-Remaining -> 299
X-Request-Cost -> 1
Authentication
Most calls require some form of authentication. The call may either be performed as a particular user, or using an API key.
Authenticating as a User
Note: This method is not recommended. See the Using API Key and Secret section below.
Follow the instructions in the Sessions API to get a session token.
Include this token in the Authorization header of all future requests, preceded by the word Basic. For example if the token granted was abc123, then send:
Authorization -> Bearer abc123
Using an API Key and Secret or Token
You can generate an API Key, Secret and encoded Token in your Bridge Account. This is done on the Admin > Account Settings > API page. Save this information! The API Secret cannot be recovered if lost. If you lose the secret your only option is to invalidate the key and issue a new key and secret pair.
To encode the key and secret, append the secret to the key, separated by a colon :. Encode with base 64 and include it in the Authorization header of all API requests, preceded by the word Basic.
E.g. if your key is abc123, and your secret is def456, encode abc123:def456 in Base64 to obtain YWJjMTIzOmRlZjQ1Ng==, then include the following header in future requests:
Authorization -> Basic YWJjMTIzOmRlZjQ1Ng==