Choose language

Flyt Skole API: Access and Integration

This section provides everything you need to authenticate, set up, and start using the Flyt Skole – External API. It covers how to gain access to the environments, manage credentials, and begin testing your integration.

Authentication and Authorization

Access to Flyt Skole – External API is managed securely through OAuth 2.0 using the client credentials flow. All access is configured via the Visma Developer Portal at oauth.developers.visma.com.

How it works

  1. Applications are configured in the Visma Developer Portal
    Each third-party integration is granted access through a custom application setup. These applications define what the integration is allowed to access (known as "scopes").

  2. Access is limited to specific scopes
    We can define exactly which parts of the API a third party can access. For example, an LMS provider like Identum might only get access to the LmsExport scope for specific municipalities.
  3. Customers are connected to applications.
    Once an application is created, Visma Flyt will connect individual customers (municipalities/schools) to that application in Flyt Skole via the TENANT settings in our admin panel.

 

Example: Granting access to an LMS vendor

  • A dedicated application (vfsapiclient_lms) is created with the scope vfsapi:lmsexport.

  • Selected customers are linked to that application.

  • LMS vendor receives only the credentials and access they need—nothing more.

Required Credentials for Access

Once the application and customer linkage is complete, third parties will need the following to authenticate:

Key

Value

Description

client_id

vfsapiclient_leveranse

ID of the integration application

client_secret

***************

Secret key generated in the Developer Portal

tenant_ID

e.g. aa750693-e3ea-441b-93fe-...

Unique per municipality/school, from Flyt Skole

grant_type

client_credentials

OAuth 2.0 grant type used

scope

vfsapi:lmsexport

The part of the API this token will grant access to

 

Token Request Endpoint

All third parties authenticate by making a token request to https://connect.visma.com/connect/token

The response will include an access_token used in subsequent API calls.

 

Example request

curl -X POST https://connect.visma.com/connect/token \

  -H "Content-Type: application/x-www-form-urlencoded" \

  -d "client_id=vfsapiclient_leveranse" \

  -d "client_secret=************" \

  -d "grant_type=client_credentials" \

  -d "tenant_ID=aa750693-e3ea-441b-93fe-6a71a8371afa"

 

Once you receive the token, you can call authorized endpoints like this:

curl -X GET https://skole.visma.com/api/external/lms/pifu \

  -H "Authorization: Bearer {access_token}"

 

You can inspect the content of any access token at https://jwt.io.

Environments in Flyt Skole

Flyt Skole supports two environments.

  • Sandbox – For testing and development, using simulated data.

  • Production – For live integrations with real data.

Access to production is restricted and subject to approval.

Rate Limits and Quotas

To ensure stable operations:

  • Default rate limits are set per application.

  • Quotas (daily/monthly) can be configured per partner.

  • Alerts are issued if usage approaches the limits.

Custom usage plans can be arranged upon request.

Versioning & Deprecation Policy

We use semantic versioning (v1.2.3) for all API versions. Breaking changes will always require a major version bump.

Deprecation policy:

  • Changes are announced 3 months in advance

  • Deprecated versions are supported for at least 6 months