TXTRAX LRS
Community

CMI5 API

The cmi5 API issues a scoped launch token for a cmi5 Assignable Unit (AU). Given the target activity, the learner (agent) and the launching origin, it creates a short-lived, store-scoped cmi5 client and returns the xAPI endpoint plus a launch token the AU uses to authenticate its xAPI traffic. Authentication, value types, and error responses are common to all TRAX APIs.

Getting access

  • Enable the API. Always enabled — the cmi5 API has no feature toggle.
  • Client permission. The calling client must have the cmi5-tokens permission enabled (Clients → edit → Permissions). Authentication is HTTP Basic — see Authentication.
  • Base path. Copy your client's cmi5_endpoint (…/stores/{store}/cmi5) from the Clients page (the ⓘ info button) and append /tokens.

Create token

Creates a scoped cmi5 client and returns the xAPI endpoint and launch token for an AU launch.

POST /trax/api/gateway/clients/{client}/stores/{store}/cmi5/tokens

Path segments:

  • {client} — your API client id.
  • {store} — the id of the store the token is scoped to.

Request body

Name Type Description
activity_id IRI The cmi5 AU activity to launch (a URL). Example: http://example.com/courses/intro/au1
agent Agent IFI The learner the token is issued for. Example: {"mbox":"mailto:jane@example.com"}
origin string The launching origin (the site launching the AU). Example: https://lms.example.com

Response

On success, 200 with a JSON body:

Field Type Description
endpoint string (URL) The xAPI endpoint the AU sends statements to (trailing slash included). It points at a freshly generated, store-scoped cmi5 client — a different client id from the {client} that requested the token.
token string A base64-encoded username:password launch token, used as HTTP Basic credentials against endpoint.

Example response

{
  "endpoint": "https://<host>/trax/api/gateway/clients/<cmi5-client-id>/stores/{store}/xapi/",
  "token": "Y21pNS1hYmMxMjM6czNjcjN0LXA0c3N3MHJk"
}

To launch the AU, use the returned token as HTTP Basic auth (Authorization: Basic <token>) against the returned endpoint.