Authorization

Follow this guide to create a new Moodle LMS credential that will allow Nexla to authenticate to and exchange data with your Moodle instance.

Moodle LMS

Prerequisites

Nexla connects to Moodle LMS through its REST web services API. Before creating a credential in Nexla, you must enable web services on your Moodle instance and obtain either a pre-generated token or the credentials needed to generate one at runtime.

Enable Web Services on Your Moodle Instance

Web services must be enabled by a Moodle site administrator before any external API access is possible.

1. Log in to your Moodle instance as a site administrator.

2. Navigate to Site administration > Advanced features.

3. Check the Enable web services checkbox and click Save changes.

4. Navigate to Site administration > Plugins > Web services > Manage protocols.

5. Enable the REST protocol by clicking the eye icon in the Enable column next to REST, then click Save changes.

Create or Identify a Service Account User

Moodle's web services require API calls to be associated with a specific user account. Nexla recommends using a dedicated service account rather than a personal admin account.

1. Navigate to Site administration > Users > Add a new user.

2. Fill in the required fields: Username, First name, Surname, Email address, and Password. Use a strong password and note it for later.

3. Set the Authentication method to Manual accounts.

4. Click Create user to save the new service account.

Create an External Service and Add Functions

An external service defines which API functions are exposed and which users are authorized to call them.

1. Navigate to Site administration > Plugins > Web services > External services.

2. Click Add to create a new external service.

3. Enter a Name (e.g., Nexla Integration) and a Short name (e.g., nexla_integration). Note the short name, as it is required for the Username & Password authentication method.

4. Ensure both Enabled and Authorised users only are checked, then click Add service.

5. On the External services page, click Functions next to your new service.

6. Add all required API functions by searching for and selecting them. At a minimum, add core_webservice_get_site_info (used to validate the connection). Add additional functions corresponding to the Moodle LMS endpoints you plan to use with Nexla.

7. Return to the External services page and click Authorised users next to your service.

8. Search for and add the service account user created above.

Obtain Your Token

Moodle supports two token approaches, corresponding to the two credential types available in Nexla:

Option A — Pre-Generated Token (recommended for simplicity):

1. Navigate to Site administration > Plugins > Web services > Manage tokens.

2. Click Add to create a new token.

3. Select the service account user in the User field and select your external service in the Service field.

4. Optionally set an expiry date in the Valid until field.

5. Click Save changes. The generated token will be displayed on the Manage tokens page — copy and store it securely, as this is the value you will enter in Nexla.

Option B — Username & Password (Auto Token):

With this method, Nexla automatically exchanges the service account username and password for a token at runtime by calling Moodle's /login/token.php endpoint. No manual token generation is required, but you must provide the service account Username, Password, and the Service Shortname of your external service.

For additional security, Moodle tokens can be assigned an expiry date. If you use a pre-generated token with an expiry, you will need to generate a new token and update the Nexla credential before the existing token expires. The Username & Password method avoids this by obtaining a fresh token automatically at runtime.

Create a Moodle LMS Credential

• To create a new Moodle LMS credential, after selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.

Credential Name & Description

1. Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.

   Resource descriptions are recommended but are not required. They should be used to provide information about the resource purpose, data freshness, etc. that can help the owner and other users efficiently understand and utilize the resource.

Authentication Method

Nexla supports two authentication methods for Moodle LMS. Select the method that matches how you obtained your token in the prerequisites section.

Moodle LMS Authentication Methods

Username & Password (Auto Token)

Nexla automatically exchanges your Moodle service account username and password for a web service token at runtime by calling the Moodle /login/token.php endpoint. The token is cached and reused for all API calls. This method requires the service account user to be authorized on the named external service.

1. Enter the base URL of your Moodle instance in the **Site URL** field. This should be the root URL without a trailing slash — for example, `https://lms.yourorganization.com`. All API calls will be made relative to this URL.
2. Enter the username of the Moodle service account in the **Username** field. This must be the username of a user who is authorized on the external service you configured in the prerequisites.
3. Enter the password of the Moodle service account in the **Password** field. The password is transmitted over HTTPS to Moodle's `/login/token.php` endpoint and is not stored in plain text by Nexla.
4. Enter the short name of the Moodle external service in the **Service Shortname** field. This is the value you set when creating the external service in Moodle — for example, `nexla_integration`. The default value `moodle_mobile_app` refers to Moodle's built-in mobile app service, which can be used if it has been enabled and the service account authorized on it.

Pre-Generated Token

Uses a static web service token generated in Moodle admin under Site administration > Plugins > Web services > Manage tokens. No username or password is required at runtime. This is the simpler option when you already have a valid token, but the token must be manually regenerated if it expires.

1. Enter the base URL of your Moodle instance in the **Site URL** field. This should be the root URL without a trailing slash — for example, `https://lms.yourorganization.com`.
2. Enter the pre-generated web service token in the **Web Service Token** field. This is the token you generated in Moodle admin under **Site administration** > **Plugins** > **Web services** > **Manage tokens**. The token authenticates all API requests Nexla makes to your Moodle instance.

Save the Credential

1. Once all of the relevant steps in the above sections have been completed, click the Save button at the bottom of the overlay to save the configured credential.

2. The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation and can be selected for use with a new data source or destination.