Getting Started with the LifterLMS REST API

The LifterLMS REST API is fully integrated with the WordPress REST API and allows LifterLMS resources to be created, read, updated, and deleted using HTTP requests in JSON format. The API uses authentication from LifterLMS REST API Keys, standard WordPress REST API authentication, or methods provided by third party authentication plugins.

Video Tutorial

To use the latest version of the REST API you must be using the following:

• LifterLMS Version 3.34.0+.
• WordPress 5.2+.
• Pretty permalinks in Settings -> Permalinks so that the custom endpoints are supported. Default permalinks will not work.
• An SSL certificate.

Most requests to the LifterLMS REST API must be authenticated.

The primary method of authentication is via a REST API Key but you may also use the WordPress core authentication methods. Most REST API authentication plugins should work as well.

API Keys can be generated on the WordPress admin panel.

To generate a new API key:

1. Navigate to LifterLMS -> Settings -> REST API

2. Click the “Add API Key” button

3. Fill in the fields to create your API Key

• Description: A friendly, human readable name for the API key.
• User: The user who owns the API key. This user will be used to determine what actions are available to the API key based on the user’s capabilities.
• Permissions: Determines what kind of requests can be made by the key.
  • “Read” allows GET requests to be performed, for example retrieve information about a course or a student.
  • “Write” allows POST, PUT, PATCH, and DELETE requests to be performed, for example create or update a course, enroll a student, or delete a lesson.
  • “Read/Write” allows all requests to be performed.
  • Note that the user who owns the key must have the capabilities to perform the action in addition to the key having the required permissions.

4. Click the “Save” button to generate the API key.

5. After your API Key has been generated make sure you copy your API credentials in a secure place or use the “Download Keys” button to save a copy of your credentials to your computer. After leaving the screen the full credentials will never be displayed on screen again!

Revoking an API Key deletes it from your database. Requests made with a deleted API key will fail due to authorization errors.

To revoke an API Key:

1. Navigate to LifterLMS -> Settings -> REST API
2. Locate the key you wish to revoke
3. Click the “Revoke” link

The full API reference is located at https://developer.lifterlms.com/rest-api/.

Should you wish to completely disable the REST API you may do so by adding a constant to your wp-config.php file: