Integrations

GoSkills API

1 minute read

The GoSkills REST API reference is available here: https://api.goskills.com/api/reference
The GoSkills SCIM API reference is available here: https://scim.goskills.com/api/reference
You can download the OpenAPI 3 specification file for each API from the reference pages.
If you have any questions or require assistance, please let us know and we’ll be happy to help.

Authentication / authorization

All requests should be made with the request header X-API-Key set to the value of your API key. Alternatively, if setting custom headers is difficult, you can set the Authorization header with (or without) the Bearer prefix.

API keys

API keys can be generated and disabled in your organization dashboard. Just visit API keys under Manage in the administrator navigation.
Please treat API keys with great care.

BETA: Realtime updates with webhooks (reverse API)

GoSkills is adding support for a growing number of webhooks. Webhooks can be used to receive notifications when events occur on the GoSkills platform.
Currently, learner course started and learner course completed events are supported.
Subscription and management of subscriptions are performed via the GoSkills REST API - sometimes this is referred to as "rest hooks".

Webhook registration validation (handshake)

To ensure we deliver events only to those who wish to receive them, we require validation of a webhook registration created via the API by responding with the X-Hook-Secret header. Upon creation of the registration via the API, we will send an empty handshake request to the URL provided, with the X-Hook-Secret header set. The response must echo back the X-Hook-Secret header with the value specified in the request header, with a 2XX status code. Only after successful validation will events be delivered to a webhook registration's provided URL.

Webhook event payload validation

We support event payload validation if a shared secret is provided during webhook registration. To validate the authenticity of the event received, perform a HMAC SHA256 of the shared secret + payload and compare the computed value with the X-Signature header provided in the request.