Skip to main content
Every VClasses API endpoint requires a Bearer token in the Authorization header. You obtain this token when your account authenticates with VClasses. Include it with every request — the API does not support session cookies or other authentication schemes.

Header Format

Add the following headers to every request:
Authorization: Bearer <your-token>
Accept: application/json
Always include Accept: application/json. Without it, the API may return an HTML redirect (302) instead of a JSON 401 error, which can silently break API clients that don’t follow redirects or don’t expect HTML responses.

Role Requirements

VClasses enforces role-based access on every endpoint:
  • Admin endpoints — all /admin/ paths and quiz management routes require your token to belong to an account with the admin role.
  • Student endpoints — the PDF quiz submission endpoint (POST /api/v3/quiz/submit-pdf) requires an authenticated student account.
If your token is valid but your account lacks the required role, the API returns a 403 Forbidden response. See Error Responses below for details.

Error Responses

401 Unauthorized

Returned when your token is missing, invalid, or expired.
{
  "message": "UnauthorizedRequest",
  "errors": null
}
Resolve this by re-authenticating to obtain a fresh token and updating the Authorization header in your requests.

403 Forbidden

Returned when your token is valid but your account does not have permission to perform the requested action. The message field indicates the specific reason:
message valueMeaning
"Unauthorized Access"Your account lacks the role required for this endpoint.
"QuizDurationExpired"The allowed time window for the quiz has passed.
"PayFirstToAccessTheCourse"Access to this resource requires an active course payment.
Example response:
{
  "message": "Unauthorized Access",
  "errors": null
}
Resolve role issues by ensuring you are using a token for an account with the correct role (admin or student) for the endpoint. For quiz or payment-related 403 errors, check the quiz deadline or course enrollment status.

Example Request

The following curl command demonstrates correct header usage when calling an admin endpoint:
curl --request GET \
  --url https://app.example.com/api/v3/admin/homeworks \
  --header "Authorization: Bearer <your-token>" \
  --header "Accept: application/json"
For a POST request with a JSON body, add Content-Type: application/json:
curl --request POST \
  --url https://app.example.com/api/v3/admin/homeworks/grade/42 \
  --header "Authorization: Bearer <your-token>" \
  --header "Accept: application/json" \
  --header "Content-Type: application/json" \
  --data '{"rating": 8, "comment": "Well structured argument."}'
For a PDF file upload, use multipart/form-data (curl sets this automatically with --form):
curl --request POST \
  --url https://app.example.com/api/v3/quiz/submit-pdf \
  --header "Authorization: Bearer <your-token>" \
  --header "Accept: application/json" \
  --form "file=@/path/to/answers.pdf"