Authorization header. You obtain this token when your account authenticates with VClasses. Include it with every request — the API does not support session cookies or other authentication schemes.
Header Format
Add the following headers to every request:Role Requirements
VClasses enforces role-based access on every endpoint:- Admin endpoints — all
/admin/paths and quiz management routes require your token to belong to an account with theadminrole. - Student endpoints — the PDF quiz submission endpoint (
POST /api/v3/quiz/submit-pdf) requires an authenticated student account.
403 Forbidden response. See Error Responses below for details.
Error Responses
401 Unauthorized
Returned when your token is missing, invalid, or expired.Authorization header in your requests.
403 Forbidden
Returned when your token is valid but your account does not have permission to perform the requested action. Themessage field indicates the specific reason:
message value | Meaning |
|---|---|
"Unauthorized Access" | Your account lacks the role required for this endpoint. |
"QuizDurationExpired" | The allowed time window for the quiz has passed. |
"PayFirstToAccessTheCourse" | Access to this resource requires an active course payment. |
Example Request
The followingcurl command demonstrates correct header usage when calling an admin endpoint:
Content-Type: application/json:
multipart/form-data (curl sets this automatically with --form):

