Using the Thinkific API

The Thinkific APIs allow developers to extend Thinkific's functionality in a variety of different ways by accessing site data.

API Use CasesLink

The API has been designed for two primary use cases, each of which has a different recommended method of authentication:

Private AppsLink

Advanced course creators that are looking to build their own private solutions and extensions on top of Thinkific should use Private Apps. The recommended authentication method to begin building private apps is to use the API Key and Subdomain that are provided on your Thinkific Site.

*Note: When using this authentication, course creators must be on a Paid Thinkific plan (Pro + Growth, Premier or Plus)

Learn how to authenticate using API Key

Public AppsLink

Public Apps are built with the intention of being distributed and installed on many Thinkific sites.

The recommended authentication method to build Public Apps is use our OAuth Authentication method. Authenticating using our OAuth system requires that you first create a Thinkific Parnter Account and register an App to access your credentials.

*Note: When using this authentication, course creators must be on a Paid Thinkific plan (Basic, Pro + Growth, Premier or Plus)

Learn how to authenticate using OAuth

Cross Origin RequestsLink

Cross origin requests are supported, although it should be noted that making calls to the the API using client-side javascript is insecure as API keys can easily be discovered. We recommend using your server as a proxy to make calls to the Thinkific API to ensure that you do not expose your API key.

Data FormatLink

All data is returned in JSON format.

Date FormatLink

All dates and timestamps are returned and expected in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ


All collections returned are limited to 25 items by default. This limit can be overridden by providing a "limit" parameter in your request. You can request up to 250 items per API by overriding the limit parameter.

For example:

curl \
-H "Authorization: Bearer <access_token>"

The above request will return up to 50 collection items.

You can also specify the page within a collection of items to retrieve. This is useful in combination with the limit parameter to loop until all items have been retrieved.

For example:

curl \
-H "Authorization: Bearer <access_token>"

All endpoints that return a collection of items will also contain a meta key that provides a hash of pagination data.

For example:

      "full_name":"Bob Smith",
      "company": "A Company",
          "label":"Phone Number",

You can use the information in the pagination hash to determine whether there are more items to fetch.

Validation ErrorsLink

All create and update operations have the potential to return validation errors if you pass invalid data. The general format is:

  "errors": {
    "email": ["has already been taken"],
    "password": ["is too short (minimum is 6 characters)"]

and responses will have an HTTP status code of 422.