mobieusKnow mobieusCore API — Overview History #95

Revision #95

Approved
All revisions
Author
system
Submitted
Jun 2, 2026 10:32am
Summary
toolkit seed-community update
# mobieusCore API — Overview
+ The mobieusCore REST API is your tenant's programmatic surface. Use it to read events, list users and posts, manage webhook endpoints, read the marketplace, files, and moderation queue, act on reports, manage the full helpdesk surface (tickets, queues, canned responses, tags, AI hooks), author mobieusLearn courses + enrollments + certificates, and read or write mobieusKnow wiki pages.
The mobieusCore REST API gives your tenant programmatic access for reading events, managing users and posts, the full mobieusHelp surface (tickets, queues, agents, and mobieusAI support assists), mobieusLearn courses and enrollments, mobieusKnow pages, marketplace listings, moderation, and webhooks.
## Plan availability
+ The public REST API is available on **Pro**, **Creator Plus**, and **Sovereign** plans. Tenants on Starter get `403 plan_gated` on every API call with the current and required plans in the error envelope. Upgrade in **`/admin/billing`**.
The public REST API is available on **Pro**, **Creator Plus**, and **Sovereign** plans. Starter tenants get `403 plan_gated` on every call.
+ ## The shape of the API
## What's in the API
+ - **REST + JSON**: GETs read, POSTs change.
+ - **Bearer auth**: `Authorization: Bearer mc_live_...`
+ - **Per-tenant**: every endpoint lives on your tenant subdomain (e.g. `https://YOUR-TENANT.mobieus.io/api/v1/...`). A key from tenant A literally cannot read tenant B.
+ - **Cursor-paginated** lists: pass `?cursor=...&limit=N` (max 100). `next_cursor: null` means there's nothing more.
+ - **Response envelope** is always `{"data": ..., "next_cursor": ..., "request_id": "req_..."}`.
- **REST + JSON.** GETs read, POSTs change.
- **Bearer auth.** `Authorization: Bearer mc_live_...`. Mint keys at `/admin/api-keys`.
- **Per-tenant.** Every endpoint lives on your subdomain. A key from tenant A cannot read tenant B.
- **CORS enabled.** Every `/api/v1/*` endpoint emits CORS headers and handles `OPTIONS` preflight. Call the API from a browser directly.
- **Idempotency-Key.** POST requests accept `Idempotency-Key` for safe retry (24h TTL, scoped to key + tenant + path).
- **Cursor-paginated lists.** Pass `?cursor=...&limit=N` (max 100). Each list response includes `total_count`, `has_more`, and `next_cursor`.
## Surfaces
| Surface | Resources | Scopes | Guide |
|---|---|---|---|
+ | **Core** | events, users, posts, listings, files, reports, moderation, webhooks | `events:read`, `users:read`, `posts:read`, `listings:read`, `files:read`, `reports:read`, `reports:manage`, `moderation:read`, `webhooks:read`, `webhooks:manage` | this page |
+ | **mobieusHelp** | tickets, queues, agents, canned responses, tags, help topics, notification prefs, audit, 8 AI hooks | `helpdesk:read`, `helpdesk:write`, `helpdesk:admin` | [api-helpdesk](api-helpdesk) |
+ | **mobieusLearn** | courses, modules, lessons, activities, enrollments, attempts, certificates, certificate templates, SCORM packages | `learn:read`, `learn:write` | [api-learn](api-learn) |
+ | **mobieusKnow** | wiki pages, revisions, search | `know:read`, `know:write` | [api-knowledge](api-knowledge) |
| **Core** | events, users, posts, listings, files, reports, moderation, webhooks | `events:read`, `users:read`, `posts:read`, `listings:read`, `files:read`, `reports:read`, `reports:manage`, `webhooks:read`, `webhooks:manage` | this page |
| **mobieusHelp** | tickets, queues, agents, canned responses, tags, help topics, notification prefs, audit, mobieusAI assists | `helpdesk:read`, `helpdesk:write`, `helpdesk:admin` | [api-helpdesk](/know/api-helpdesk) |
| **mobieusLearn** | courses, modules, lessons, activities, enrollments, attempts, certificates, SCORM, xAPI, cohort grants | `learn:read`, `learn:write`, `learn:xapi:read`, `learn:xapi:write`, `learn:cohorts:grant` | [api-learn](/know/api-learn) |
| **mobieusKnow** | pages, revisions, search | `know:read`, `know:write` | [api-knowledge](/know/api-knowledge) |
| **SCIM 2.0** | users, groups (RFC 7644 provisioning) | Bearer token minted at `/admin/learn/scim-credentials` | [api-scim](/know/api-scim) |
+ ## Current version: 1.3.0
> Reading moderation actions (`GET /api/v1/moderation/actions`) uses the `reports:read` scope. There is no separate moderation scope.
+ | Version | Date | What |
> SCIM 2.0 is part of mobieusLearn and needs the mobieusLearn SCIM feature enabled. It is not configured from `/admin/config` — see [api-scim](/know/api-scim).
## mobieusAI support assists
mobieusHelp exposes mobieusAI helpers as API endpoints. Each runs on your tenant's own Anthropic key and only responds when its feature flag is on at `/admin/ai`.
| Endpoint | Method | What it returns |
|---|---|---|
+ | **1.3.0** | 2026-06-02 | mobieusLearn (25 endpoints), mobieusKnow (10 endpoints), mobieusHelp Phase 2 + 8 AI hooks (22 endpoints). 5 new scopes. |
+ | 1.2.0 | 2026-05-29 | mobieusHelp tickets / queues / agents / reply / status (read + write). |
+ | 1.1.0 | 2026-05-28 | Webhooks (HMAC-signed delivery + replay + rotate). Listings + files + reports + moderation. |
| `/api/v1/helpdesk/ai/reply-suggest` | POST | A drafted reply for a ticket |
| `/api/v1/helpdesk/ai/summary` | POST | A short summary of a ticket thread |
| `/api/v1/helpdesk/ai/categorize` | POST | A suggested category for a ticket |
| `/api/v1/helpdesk/ai/sentiment` | POST | The sentiment of a ticket |
| `/api/v1/helpdesk/ai/resolution-predict` | POST | A predicted resolution path |
| `/api/v1/helpdesk/ai/audit-qa` | POST | A QA review of an agent reply |
| `/api/v1/helpdesk/ai/canned-generate` | POST | A drafted canned response |
| `/api/v1/helpdesk/ai/knowledge-gaps` | GET | Topics your knowledge base is missing |
See [api-helpdesk](/know/api-helpdesk) for request and response shapes.
## Current version: 1.7.0
| Version | Date | What changed |
|---|---|---|
| **1.7.0** | 2026-06-14 | Documentation release. The full reference now covers the mobieusAI support assists, all of mobieusHelp (Phase 2 + write endpoints), mobieusLearn (courses, modules, lessons, activities, enrollments, cohorts, attempts, certificates, SCORM), and mobieusKnow. Corrected paths: helpdesk is `/api/v1/helpdesk`; SCIM is `/scim/v2/*`; ticket-by-reference uses `{ref}`. No endpoint changed its contract. |
| 1.6.0 | 2026-06-07 | CORS on all API routes. Idempotency-Key on POST. `total_count` + `has_more` on all list responses. 9 new webhook events (helpdesk, Learn, Know). SCIM 2.0 in spec. |
| 1.5.0 | 2026-06-05 | xAPI LRS endpoints + cohort-grant endpoint (`POST /api/v1/learn/cohorts/grant`). |
| 1.4.0 | 2026-06-03 | mobieusLearn live sessions (schedule, cancel, attach recording). |
| 1.3.0 | 2026-06-02 | mobieusLearn (25 endpoints), mobieusKnow (10 endpoints), mobieusHelp Phase 2 + 8 AI hooks. |
| 1.2.0 | 2026-05-29 | mobieusHelp tickets / queues / agents / reply / status. |
| 1.1.0 | 2026-05-28 | Webhooks (HMAC-signed + retry + rotation). Listings, files, reports, moderation. |
| 1.0.0 | 2026-05-27 | Events, users, posts (read-only). |
+ The full machine-readable spec is at `/docs/api/openapi.yaml` in your tenant. The Redoc viewer is at `/api/docs`.
The full machine-readable spec is at `/api/openapi.yaml`. The Redoc viewer is at `/api/docs`.
## Quick start
1. Generate a key at **`/admin/api-keys`**. Pick the smallest scope set that covers your use case.
+ 2. Pass it as a bearer token: `Authorization: Bearer mc_live_...`.
2. Pass it as a bearer token: `Authorization: Bearer mc_live_...`
3. Hit any GET endpoint to verify:
```bash
+ curl https://YOUR-TENANT.mobieus.io/api/v1/events \
curl https://YOUR-TENANT.mobieus.io/api/v1/events \\
-H 'Authorization: Bearer mc_live_...'
```
+ ## Authentication, scopes, rate limits
## Idempotency example
+ - **`api-authentication`** covers key minting, scope enforcement, rotation, per-key rate limits (60 / minute, 1000 / hour by default), and the error envelope.
```bash
POST /api/v1/helpdesk/tickets
Authorization: Bearer mc_live_...
Idempotency-Key: create-ticket-abc123
Content-Type: application/json
+ ## Webhooks
{"subject": "Help needed", "body": "..."}
```
+ - **`api-webhooks-quickstart`** covers HMAC signature verification, replay protection, and the delivery dashboard.
Retry with the same `Idempotency-Key` within 24 hours — the original response is replayed with `Idempotency-Replayed: true` and no duplicate ticket is created.
+ ## Per-surface guides
## CORS
+ - **`api-events-reference`** — event types fired by the platform.
+ - **`api-marketplace-files-moderation`** — listings, files, and the moderation queue.
+ - **`api-helpdesk`** — full helpdesk surface (tickets, queues, canned responses, tags, AI hooks).
+ - **`api-learn`** — mobieusLearn courses, enrollments, certificates, SCORM.
+ - **`api-knowledge`** — mobieusKnow pages + revisions + search.
All `/api/v1/*` responses include:
+ ## Common errors
```
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
Access-Control-Allow-Headers: Authorization, Content-Type, X-CSRF-TOKEN, X-Requested-With
```
+ | HTTP | Code | When |
+ |---|---|---|
+ | 401 | `invalid_api_key` | No `Authorization` header, or the bearer key isn't recognised. |
+ | 403 | `insufficient_scope` | Key is missing the scope this endpoint requires. The body's `extra.required_scope` tells you which one to add. |
+ | 403 | `plan_gated` | Tenant plan doesn't include the public API. Upgrade to Pro or above. |
+ | 404 | `<resource>_not_found` | The specific row doesn't exist. |
+ | 429 | `rate_limited` | Per-key rate limit exceeded. Back off + retry; see `Retry-After`. |
+ | 500 | `server_error` | Internal error. Include `request_id` when you reach out.
To restrict allowed origins, set `cors.allowed_origins[]` in your tenant's app.ini. When an allow-list is set, the matching origin is echoed back with `Vary: Origin`.
+ ## Help
## Pagination shape (1.6.0)
+ Find issues or need an endpoint we haven't shipped? Open a ticket at **`https://support.mobieus.io/help/portal`** and reference the `request_id` from your last response.
Every list response now includes three pagination fields:
```json
{
"data": [...],
"next_cursor": "cur_abc...",
"total_count": 847,
"has_more": true,
"request_id": "req_..."
}
```

mobieusCore API — Overview

The mobieusCore REST API is your tenant's programmatic surface. Use it to read events, list users and posts, manage webhook endpoints, read the marketplace, files, and moderation queue, act on reports, manage the full helpdesk surface (tickets, queues, canned responses, tags, AI hooks), author mobieusLearn courses + enrollments + certificates, and read or write mobieusKnow wiki pages.

Plan availability

The public REST API is available on Pro, Creator Plus, and Sovereign plans. Tenants on Starter get 403 plan_gated on every API call with the current and required plans in the error envelope. Upgrade in /admin/billing.

The shape of the API

  • REST + JSON: GETs read, POSTs change.
  • Bearer auth: Authorization: Bearer mc_live_...
  • Per-tenant: every endpoint lives on your tenant subdomain (e.g. https://YOUR-TENANT.mobieus.io/api/v1/...). A key from tenant A literally cannot read tenant B.
  • Cursor-paginated lists: pass ?cursor=...&limit=N (max 100). next_cursor: null means there's nothing more.
  • Response envelope is always {"data": ..., "next_cursor": ..., "request_id": "req_..."}.

Surfaces

Surface Resources Scopes Guide
Core events, users, posts, listings, files, reports, moderation, webhooks events:read, users:read, posts:read, listings:read, files:read, reports:read, reports:manage, moderation:read, webhooks:read, webhooks:manage this page
mobieusHelp tickets, queues, agents, canned responses, tags, help topics, notification prefs, audit, 8 AI hooks helpdesk:read, helpdesk:write, helpdesk:admin api-helpdesk
mobieusLearn courses, modules, lessons, activities, enrollments, attempts, certificates, certificate templates, SCORM packages learn:read, learn:write api-learn
mobieusKnow wiki pages, revisions, search know:read, know:write api-knowledge

Current version: 1.3.0

Version Date What
1.3.0 2026-06-02 mobieusLearn (25 endpoints), mobieusKnow (10 endpoints), mobieusHelp Phase 2 + 8 AI hooks (22 endpoints). 5 new scopes.
1.2.0 2026-05-29 mobieusHelp tickets / queues / agents / reply / status (read + write).
1.1.0 2026-05-28 Webhooks (HMAC-signed delivery + replay + rotate). Listings + files + reports + moderation.
1.0.0 2026-05-27 Events, users, posts (read-only).

The full machine-readable spec is at /docs/api/openapi.yaml in your tenant. The Redoc viewer is at /api/docs.

Quick start

  1. Generate a key at /admin/api-keys. Pick the smallest scope set that covers your use case.
  2. Pass it as a bearer token: Authorization: Bearer mc_live_....
  3. Hit any GET endpoint to verify:
curl https://YOUR-TENANT.mobieus.io/api/v1/events \
  -H 'Authorization: Bearer mc_live_...'

Authentication, scopes, rate limits

  • api-authentication covers key minting, scope enforcement, rotation, per-key rate limits (60 / minute, 1000 / hour by default), and the error envelope.

Webhooks

  • api-webhooks-quickstart covers HMAC signature verification, replay protection, and the delivery dashboard.

Per-surface guides

  • api-events-reference — event types fired by the platform.
  • api-marketplace-files-moderation — listings, files, and the moderation queue.
  • api-helpdesk — full helpdesk surface (tickets, queues, canned responses, tags, AI hooks).
  • api-learn — mobieusLearn courses, enrollments, certificates, SCORM.
  • api-knowledge — mobieusKnow pages + revisions + search.

Common errors

HTTP Code When
401 invalid_api_key No Authorization header, or the bearer key isn't recognised.
403 insufficient_scope Key is missing the scope this endpoint requires. The body's extra.required_scope tells you which one to add.
403 plan_gated Tenant plan doesn't include the public API. Upgrade to Pro or above.
404 <resource>_not_found The specific row doesn't exist.
429 rate_limited Per-key rate limit exceeded. Back off + retry; see Retry-After.
500 server_error Internal error. Include request_id when you reach out.

Help

Find issues or need an endpoint we haven't shipped? Open a ticket at https://support.mobieus.io/help/portal and reference the request_id from your last response.

# mobieusCore API — Overview

The mobieusCore REST API is your tenant's programmatic surface. Use it to read events, list users and posts, manage webhook endpoints, read the marketplace, files, and moderation queue, act on reports, manage the full helpdesk surface (tickets, queues, canned responses, tags, AI hooks), author mobieusLearn courses + enrollments + certificates, and read or write mobieusKnow wiki pages.

## Plan availability

The public REST API is available on **Pro**, **Creator Plus**, and **Sovereign** plans. Tenants on Starter get `403 plan_gated` on every API call with the current and required plans in the error envelope. Upgrade in **`/admin/billing`**.

## The shape of the API

- **REST + JSON**: GETs read, POSTs change.
- **Bearer auth**: `Authorization: Bearer mc_live_...`
- **Per-tenant**: every endpoint lives on your tenant subdomain (e.g. `https://YOUR-TENANT.mobieus.io/api/v1/...`). A key from tenant A literally cannot read tenant B.
- **Cursor-paginated** lists: pass `?cursor=...&limit=N` (max 100). `next_cursor: null` means there's nothing more.
- **Response envelope** is always `{"data": ..., "next_cursor": ..., "request_id": "req_..."}`.

## Surfaces

| Surface | Resources | Scopes | Guide |
|---|---|---|---|
| **Core** | events, users, posts, listings, files, reports, moderation, webhooks | `events:read`, `users:read`, `posts:read`, `listings:read`, `files:read`, `reports:read`, `reports:manage`, `moderation:read`, `webhooks:read`, `webhooks:manage` | this page |
| **mobieusHelp** | tickets, queues, agents, canned responses, tags, help topics, notification prefs, audit, 8 AI hooks | `helpdesk:read`, `helpdesk:write`, `helpdesk:admin` | [api-helpdesk](api-helpdesk) |
| **mobieusLearn** | courses, modules, lessons, activities, enrollments, attempts, certificates, certificate templates, SCORM packages | `learn:read`, `learn:write` | [api-learn](api-learn) |
| **mobieusKnow** | wiki pages, revisions, search | `know:read`, `know:write` | [api-knowledge](api-knowledge) |

## Current version: 1.3.0

| Version | Date | What |
|---|---|---|
| **1.3.0** | 2026-06-02 | mobieusLearn (25 endpoints), mobieusKnow (10 endpoints), mobieusHelp Phase 2 + 8 AI hooks (22 endpoints). 5 new scopes. |
| 1.2.0 | 2026-05-29 | mobieusHelp tickets / queues / agents / reply / status (read + write). |
| 1.1.0 | 2026-05-28 | Webhooks (HMAC-signed delivery + replay + rotate). Listings + files + reports + moderation. |
| 1.0.0 | 2026-05-27 | Events, users, posts (read-only). |

The full machine-readable spec is at `/docs/api/openapi.yaml` in your tenant. The Redoc viewer is at `/api/docs`.

## Quick start

1. Generate a key at **`/admin/api-keys`**. Pick the smallest scope set that covers your use case.
2. Pass it as a bearer token: `Authorization: Bearer mc_live_...`.
3. Hit any GET endpoint to verify:

```bash
curl https://YOUR-TENANT.mobieus.io/api/v1/events \
  -H 'Authorization: Bearer mc_live_...'
```

## Authentication, scopes, rate limits

- **`api-authentication`** covers key minting, scope enforcement, rotation, per-key rate limits (60 / minute, 1000 / hour by default), and the error envelope.

## Webhooks

- **`api-webhooks-quickstart`** covers HMAC signature verification, replay protection, and the delivery dashboard.

## Per-surface guides

- **`api-events-reference`** — event types fired by the platform.
- **`api-marketplace-files-moderation`** — listings, files, and the moderation queue.
- **`api-helpdesk`** — full helpdesk surface (tickets, queues, canned responses, tags, AI hooks).
- **`api-learn`** — mobieusLearn courses, enrollments, certificates, SCORM.
- **`api-knowledge`** — mobieusKnow pages + revisions + search.

## Common errors

| HTTP | Code | When |
|---|---|---|
| 401 | `invalid_api_key` | No `Authorization` header, or the bearer key isn't recognised. |
| 403 | `insufficient_scope` | Key is missing the scope this endpoint requires. The body's `extra.required_scope` tells you which one to add. |
| 403 | `plan_gated` | Tenant plan doesn't include the public API. Upgrade to Pro or above. |
| 404 | `<resource>_not_found` | The specific row doesn't exist. |
| 429 | `rate_limited` | Per-key rate limit exceeded. Back off + retry; see `Retry-After`. |
| 500 | `server_error` | Internal error. Include `request_id` when you reach out.

## Help

Find issues or need an endpoint we haven't shipped? Open a ticket at **`https://support.mobieus.io/help/portal`** and reference the `request_id` from your last response.