This guide will walk you through using our Secure Token Service, which will allow you to make API calls to our Award Letter API.




To get things started, your API must authenticate through our OAuth service. Prior to invoking CampusLogic Award Letter API services, clients must first request a security token from the STS (secure token service.) A user name and password is required by the STS.


Figure1

CampusLogic STS

Request

Response

Example

CampusLogic Environments

Every request must contain a valid security token issued by the CampusLogic STS. Refer to Figure 1.

Figure 1 Download

Figure 1: Integration Diagram

Figure 1 depicts the following sequence:

  1. Consumer requests a security token from CampusLogic STS using credentials provided by CampusLogic.
  2. CampusLogic authenticates the credentials and issues a security token with that is set to expire after a set period of time.
  3. Consumer uses the security token to invoke CampusLogic Web Services.
  4. The CampusLogic Web Service response is received by Consumer.

CampusLogic STS


Development
https://studentverification.accesscontrol.windows.net/WRAPv0.9/
Production
https://verifymyfafsa.accesscontrol.windows.net/WRAPv0.9/


Environment


Endpoint


To following is an example request for a security token from the CampusLogic STS.

Request


Request URL: [CampusLogic STS
Root URL]/WRAPv0.9/
Request Method: Post
Request Body:
Name: wrap_name, Value: [user name]
Name: wrap_password,Value: [password]
Name: wrap_scope, Value: [CampusLogic Web Services Root URL]



Response


Response Body:
wrap_access_token=http%253a%252f%252fschemas.microsoft.com%252fws%252f2008%252f06%252fidentity%252fclaims%252frole%3dApi
%2bUser%26http%253a%252f%252fschemas.xmlsoap.org%252fws%252f2005%252f05%252fidentity%252fclaims%252fname%3dWGU%2bApi
%2bUser%26http%253a%252f%252fschemas.xmlsoap.org%252fws%252f2005%252f05%252fidentity%252fclaims%252fnameidentifier
%3ddev_wgu_system%26http%253a%252f%252fschemas.microsoft.com%252faccesscontrolservice%252f2010%252f07%252fclaims
%252fidentityprovider%3dhttps%253a%252f%252fstudentverification.accesscontrol.windows.net%252f%26Audience%3dhttps%253a
%252f%252fapidev.studentverification.com%253a5443%26ExpiresOn%3d1411470265%26Issuer%3dhttps%253a%252f
%252fstudentverification.accesscontrol.windows.net%252f%26HMACSHA256%3dlgRw8rwOXGG%252bjv
%252bDVyU7G3nqOQIMzIUqEa8BkojxwA8%253d&wrap_access_token_expires_in=59999


Each request made to a secured CampusLogic service must define a request header whose name is Authorization and value is in the following format:

WRAP access_token="[value of wrap_access_token from response body of the security token request]"

Note the following:

  • remove the "wrap_access_token=and "&wrap_access_token_expires_in={somenumber}" parts from the response body before sending it in the authorization header
  • the access_token value must have quotes around.
  • the response body above must be url decoded prior to use.

Example


WRAP access_token=

 "http%3a%2f%2fschemas.microsoft.com%2fws%2f2008%2f06%2fidentity%2fclaims%2frole=Api+User&http%3a%2f%2fschemas.xmlsoap.org%2fws%2f2005%2f05%2fidentity%2fclaims%2f
name=WGU+Api+User&http%3a%2f%2fschemas.xmlsoap.org%2fws%2f2005%2f05%2fidentity%2fclaims%2fnameidentifier=dev_wgu_system&http%3a%2f%2fschemas.microsoft.com%2f
accesscontrolservice%2f2010%2f07%2fclaims%2fidentityprovider=https%3a%2f%2fstudentverification.accesscontrol.windows.net%2f&Audience=https%3a%2f%2fapidev.studentverification.com%3a5443
&ExpiresOn=1411470265 &Issuer=https%3a%2f%2fstudentverification.accesscontrol.windows.net%2f&HMACSHA256=lgRw8rwOXGG%2bjv%2bDVyU7G3nqOQIMzIUqEa8BkojxwA8%3d"





Now that you've set this up, please see the links below for next steps:


If you would like to transmit your Award Letter file via our API, please click here: Award Letter Import via API Call

If you would like our API service to send you a PDF copy of the award letters, please click here: Award Letter PDF via API Call 


________________________________________________________