what is the use privatetoken in Moodle REST API response?

I am using Moodle core REST API and I am following this Stackoverflow answer for my login request. login end-point is working successfully.

API Request

$ curl -d username="fmcorz" -d password="$PASSWORD" 'https://moodle.org/login/token.php?service=moodle_mobile_app'


Response


"token":"SNIPTOKEN",
"privatetoken":"SNIPPRIVATE"



I am using token to get User ID and other stuff. But I want to know what is the main purpose of privatetoken?

according to my understanding this will use if moodle installation is on Https and "token" will we used when we use http but not sure as I have only http based server

please help to understand this so I can choose best available token to implement Moodle REST API.

thanks.

1 Answer
1

According to the token docs, privatetoken is only sent when the token is first created and should be saved by the client. The source says it's only sent when the connection is https and the user is not an admin. So I assume it's an edge thing as it should be returned only in very special circumstances. It sounds like it's the Random all-time valid token which can only be sent over https and not for an admin user.

privatetoken

By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.