The WorldSkills API provides access to various resources related to WorldSkills events, people, and organizations. It is available to all WorldSkills Members. This documentation lists the available endpoints and how to use them.
To access the API, a Bearer token is required for authentication. A token can be obtained with the OAuth 2.0 protocol. Each application needs a client ID and a client secret. Contact the WorldSkills International IT team to obtain these credentials.
The simplest authentication flow implementation is with the Implicit grant type - send the user to the following authorization URL:
https://auth.worldskills.org/oauth/authorize?response_type=token&client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_REDIRECT_URIOnce the user has logged in and authorized the application, they will be redirected to the redirect URI with the access token in the URL fragment:
https://example.org/callback#access_token=ABCD-EFGH-1234-5678The alternative Authorization Code grant type requires the application to exchange the authorization code for an access token:
https://auth.worldskills.org/oauth/authorize?response_type=code&client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_REDIRECT_URIAn authorization code is returned to the redirect URI:
https://example.org/callback?code=1234567890Then the application can exchange the authorization code for an access token, note that the client ID and the client secret need to be sent as Basic authentication header:
curl -X POST \
"https://api.worldskills.org/auth/access_token" \
-H "Authorization: Basic BASE64(CLIENT_ID:CLIENT_SECRET)" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=authorization_code&code=1234567890&redirect_uri=YOUR_REDIRECT_URI"The response will contain the access token:
{
"access_token": "ABCD-EFGH-1234-5678",
"token_type": "Bearer"
}