client_id and client_secret.https://[organization].pluvo.com/graphql/The Pluvo API enables external systems such as HRM platforms and integration tools to programmatically communicate with the Pluvo platform.
Access to the API requires an OAuth token that you request via:
POST https://[organization].pluvo.com/oauth/token/Important:
/Content-Type: application/x-www-form-urlencodedgrant_type=client_credentialsclient_id=...client_secret=...scope=... (e.g., users.read trainings.write)A valid token is included as a Bearer token in API requests:
Authorization: Bearer <your_token>Access tokens are valid for 24 hours. After expiry, request a new token using the same credentials. There is no refresh token flow for client_credentials — simply request a new token.Scopes control what your API client can access. Request only the scopes you need.
| Scope | Access | Description |
|---|---|---|
users.read | Users | View user profiles, roles, groups, extra fields |
users.write | Users | Create, update, archive users |
trainings.read | Trainings | View learning journeys, modules, progress |
trainings.write | Trainings | Create, update, archive trainings |
groups.read | Groups | View groups, members, managers |
groups.write | Groups | Create, update, delete groups and memberships |
events.read | Events | View module groups, offers, enrollments |
events.write | Events | Create, update, manage offers and enrollments |
extra_categories.write | Extra Categories | Create and update custom categorization fields |
Multiple scopes can be requested in a single token by separating them with spaces: scope=users.read users.write trainings.readAll requests are made to:
https://[organization].pluvo.com/graphql/The trailing slash is required. Requests without it will return a redirect or error.
The Pluvo API implements a full GraphQL interface. You determine which fields you retrieve or update, ensuring minimal payloads and maximum flexibility.
Example query:
query user($ref: String!) {
user(ref: $ref) {
ref
name
email
isActive
}
}The ref serves as a unique identifier within your own system. You can determine this value yourself when creating an object, as long as it remains unique within the entity.
GraphQL errors are returned in the response body with HTTP status 200. Always check the errors array:
{
"data": null,
"errors": [
{
"message": "User not found",
"locations": [{"line": 2, "column": 3}],
"path": ["user"]
}
]
}Common error scenarios:
null result with error in errors array.Pluvo supports webhooks for real-time notifications about:
Webhook configuration is done through the admin interface of your organization's Pluvo environment. Each webhook request contains an HMAC signature for verification.
See the Webhooks page for a full list of events and payload examples.
