The Private API provides a way to export registrations, transactions, and members. This API is intended for integrations that need to access private or sensitive data that should not be publicly accessible. The Private API is primarily used for periodically exporting large amounts of data. A typical usage example is hourly syncing to a client system with new data since the last request.  These endpoints are not recommended for interactive or real-time systems.

The following ERD shows how the API endpoints relate to one another:

LeagueApps-ERD.png

As of February 2019, version of 2 of the export endpoints (registrations-2, members-2, and transactions-2) now return a limited number of results per request and require the last-updated and last-id parameters. **Existing /export/registrations, /export/members, and /export/transactions endpoints are deprecated and will be removed in the future.**The last-updated and last-id request parameters should be set to 0 for the first request. The last-updated and last-id request parameters should be updated after each response to the lastUpdated and id values in the last record received. To get full results, requests should be made until 0 records are returned.

To access Private API endpoints, you will need a Private API Key. Please note that anyone who has access to your site ID and Private API Key will be able to access information about your registrations, members, and transactions. See Generate a private API key for information about generating a private API key.

OAuth 2 with JSON Web Tokens (JWT) is used for authorization. There are many OAuth 2 libraries for all programming languages. jwt.io lists libraries for most programming languages for creating JWTs and also a web-based tool to view JWTs for debugging. The example code directly uses a JWT python library.

OAuth 2 Token URL: https://auth.leagueapps.io/v2/auth/token

URL and servers

There are multiple LeagueApps servers that you may be using for development. If you're unsure of which server you're working on, you can check the URL of the admin dashboard. Each server has its own base URL and authentication URL that need to be used to acquire the API token and then reach private API endpoints. The following table lists the different LeagueApps servers, the admin dashboard base URL, the auth URL, the base URL for accessing the Private API, and the token URL for OAuth 2.

Servers and Private API URLs

General Steps

  1. Generate a private API key when logged into the LeagueApps admin dashboard.
  2. Create a JWT assertion.
  3. Post the JWT to get an Access Token.
  4. Pass the Access Token as a Bearer Authorization header to API requests.
  5. When the Access Token expires, repeat the process to get a new token. Note that the Access Token expires after 15 minutes (900 seconds).