Logout

Eklavvya WebAPI v2 / .NET 8

Base URL: https://api-v2.eklavvya.com  •  Interactive explorer: /swagger (login required)  •  Health: /home/TestAPI

Quick start

  1. Open the interactive explorer at /swagger — you'll be redirected to a login page protected by Cloudflare Turnstile CAPTCHA. Enter the credentials provided by the platform team.
  2. Call your tenant's login endpoint to obtain a JWT.
  3. In Swagger UI click Authorize and paste the JWT (without Bearer ).
  4. All subsequent calls send Authorization: Bearer <token> automatically.

The Swagger UI login is a separate gate from the platform JWT — it only protects access to the API explorer. Programmatic clients calling the API endpoints directly are unaffected.

Authentication

This API uses JWT bearer tokens. The token is issued by a tenant-specific login endpoint and validated on every request by a global authorization filter.

Header

Authorization: Bearer eyJhbGciOiJIUzI1NiIs...
Content-Type: application/json

Anonymous (public) endpoints

Endpoints whitelisted in AuthorizationTokenFilter require no token — examples: /home/TestAPI, login endpoints, OTP endpoints, public lookups.

Admin endpoints

When calling admin endpoints, send the additional header IsAdmin: true plus a BrowserData fingerprint header (comma-separated triple) used for session-binding checks.

Response envelope

Every endpoint returns a uniform JSON shape:

{
  "Data": { ... endpoint-specific payload ... },
  "objStatusCode": 1,
  "Message": "Operation completed"
}

objStatusCode values

CodeMeaningHTTP
1Success200
2UnknownError200 (with error in Message)
3RequiredFieldIsEmpty200 (validation message in Message)
4NotFound200 (entity not found)

HTTP 401 is returned only when JWT validation fails or the global auth filter rejects the request.

Major endpoint groups

HomeHealth check & meta info
InstituteTenant configuration, branches, branding
LoginAuthentication for candidates, admins, proctors
StudentProfile, enrollment, exam assignments
ExamExam definitions, sections, settings
QuestionQuestion bank CRUD, AI generation
AssignStudentToExamAssignments, schedules, attempts
ResultScoring, reports, transcripts
ProctorLive proctoring, flags, snapshots
Gemini / OpenAIAI-driven evaluation, code grading
StorageSigned URLs, blob uploads
ReportingAggregated dashboards & exports

→ Browse the full endpoint list in Swagger UI

Example: login & first call

1. Login (illustrative shape)

POST /Login/AuthenticateUserEklavvyaWebAPI
Content-Type: application/json

{
  "username": "[email protected]",
  "password": "********",
  "instituteSubDomain": "your-tenant"
}

Response:

{
  "Data": { "Token": "eyJ...", "RefreshToken": "...", "UserID": 123, ... },
  "objStatusCode": 1,
  "Message": "Login successful"
}

2. Authenticated call

GET /Exam/GetAllExamByIDEklavvyaWebAPI?examID=42
Authorization: Bearer eyJ...

3. curl

curl -s https://api-v2.eklavvya.com/Exam/GetAllExamByIDEklavvyaWebAPI?examID=42 \
  -H "Authorization: Bearer $JWT" \
  -H "Accept: application/json"

CORS

Allowed origins are loaded from the DB at startup (institute URLs table). If your origin is not on the list, browser clients will be blocked by CORS — server-to-server callers are unaffected. Contact the platform admin to register a new tenant URL.

Errors & conventions

HTTPWhen
200Always for valid requests — inspect objStatusCode for outcome
401Missing / expired / revoked JWT, or fingerprint mismatch on admin calls
500Unhandled exception — logged centrally; correlate via timestamp

Note: the response field is intentionally spelled "objStatusCode" and the wrapper is ResponceModel (with a single ‘n’). This is intentional for backwards compatibility with all existing consumers.

Versioning & environments

EnvBase URL
v2 (Hostinger, .NET 8)https://api-v2.eklavvya.com
Production (GKE)internal — managed by ops