2

I am using Moodle core REST API and I am following this Stackoverflow answer for my login request. login end-point is working successfully.

API Request

$ curl -d username="fmcorz" -d password="$PASSWORD" 'https://moodle.org/login/token.php?service=moodle_mobile_app'

Response

{
  "token":"SNIPTOKEN",
  "privatetoken":"SNIPPRIVATE"
}

I am using token to get User ID and other stuff. But I want to know what is the main purpose of privatetoken?

according to my understanding this will use if moodle installation is on Https and "token" will we used when we use http but not sure as I have only http based server

please help to understand this so I can choose best available token to implement Moodle REST API.

thanks.

Koen Hollander
  • 1,687
  • 6
  • 27
  • 42
user3031108
  • 93
  • 7

1 Answers1

3

According to the token docs, privatetoken is only sent when the token is first created and should be saved by the client. The source says it's only sent when the connection is https and the user is not an admin. So I assume it's an edge thing as it should be returned only in very special circumstances. It sounds like it's the Random all-time valid token which can only be sent over https and not for an admin user.

codebrane
  • 4,290
  • 2
  • 18
  • 27