API Reference¶

Overview¶

EduDesk provides a JSON API for integration with third-party systems such as LMS platforms, HR systems, and mobile apps.

All API endpoints require authentication.

Base URL¶

https://app.edudesk.africa/api/

For demo:

https://demo.edudesk.africa/api/

Authentication¶

All requests must include a valid session cookie (obtained by logging in via /api/login.php) or a CSRF token header.

Login:

POST /api/login.php
Content-Type: application/json

{
  "username": "admin",
  "password": "your_password"
}

Response:

{
  "ok": true,
  "user": {
    "id": "abc123",
    "username": "admin",
    "role": "admin",
    "school_id": "school_1"
  }
}

Include the returned session cookie in all subsequent requests.

CSRF Protection¶

All mutating requests (POST, PUT, DELETE) require a CSRF token:

X-CSRF-Token: <token_from_meta_tag>

The token is available in the page source:

<meta name="csrf-token" content="TOKEN_HERE">

Common Endpoints¶

Students¶

Attendance¶

Fees¶

Push Notifications¶

Response Format¶

All endpoints return JSON:

{
  "ok": true,
  "data": { ... }
}

Errors:

{
  "ok": false,
  "error": "Error message here"
}

Rate Limiting¶

API requests are rate-limited to 60 requests per minute per IP address. Exceeding this returns HTTP 429.

Webhooks¶

EduDesk can POST events to your system. Configure the webhook URL in Settings → Integrations → Webhook URL.

Events fired: - student.enrolled - fee.paid - result.published - notice.created - attendance.marked

Webhook payload:

{
  "event": "fee.paid",
  "school_id": "school_1",
  "data": { ... },
  "timestamp": "2026-06-08T13:00:00Z"
}