API Keys
All REST API calls require a Bearer token:
Authorization: Bearer edp_live_<your-key>
Scopes
Each API key can be granted one or more scopes:
| Scope | Grants access to |
|---|
read:assessments | List/fetch assessments, collections, webhooks. Grade single questions via /check. |
write:assessments | Create/update assessments, manage collections, register webhooks, mint embed tokens. |
read:results | Fetch submissions, learner results, assessment results, collection results. |
write:submissions | Submit answers for server-side grading via POST /assessments/{id}/submit. |
Grant the minimum scopes your integration needs.
Rate Limits
All keys share the same limit: 100 requests per minute per key.
When exceeded, the API returns 429 Too Many Requests with a Retry-After header indicating when to retry.
The /check endpoint has a separate per-question rate limit (default 3 checks per question per session, configurable per org).
Response Envelope
All API responses use a consistent envelope:
// Success
{ "data": <payload>, "error": null, "meta": <pagination-or-null> }
// Error
{ "data": null, "error": { "message": "..." }, "meta": null }
{
"data": [...],
"error": null,
"meta": { "total": 42, "page": 1, "limit": 20 }
}
The learner_ref field
Every submission and session accepts a learner_ref — your internal identifier for the learner:
- Use a stable, immutable ID (database primary key or UUID)
- Never use mutable values like email addresses
- Edpire echoes it back exactly as provided and never validates it
- Not unique-enforced — the same learner can have multiple submissions
