FAQ

Frequently Asked Questions (FAQ)

Here are answers to common questions about integrating with the TrainingArc platform.

❓ How do I start using TrainingArc?

Go to Quick Start

❓ What format is the training content?

Training modules are exported from Articulate Rise 360 and served as self-contained static websites via AWS CloudFront. Each module includes an index.html file and its assets, and is loaded in a browser (typically via iframe).

❓ Do I need to host the modules myself?

No. TrainingArc securely hosts all modules via CloudFront. You receive a signed URL and cookies when requesting a module, which allow time-limited access to just that module.

❓ How do I embed a training module?

  1. Use your API key to request the module URL:

    GET /organizations/:orgId/library/modules/:moduleId

  2. Receive a signed URL + cookies in the response.

  3. Set the cookies in the browser (on your domain or subdomain, depending on setup).

  4. Render the module in an <iframe>:

    <iframe src="https://example.resource-url.com/mod789/index.html" width="100%" height="600"></iframe>

❓ How do I authenticate requests?

  • Backend-to-backend: Use your API key in the Authorization header.

  • Module reporting: Modules use session tokens to report xAPI statements to /statements.

See Authentication →

❓ Can modules be grouped or filtered?

Yes — you can create Library Sections to curate sets of modules. This is useful for organizing content like "Onboarding", "Security Training", or "Quarterly Compliance".

See Library Sections →

❓ What happens if my webhook fails?

When an xAPI statement is received:

  • It is forwarded immediately to your registered webhook.

  • If your webhook returns a 5xx status, times out, or is unreachable:

    • The system does not retry by default

    • The statement is still considered "accepted"

    • Reliability features like retries or dead-letter queues may be added in future

See Statements →

❓ What is a session token?

A session token is a signed short-lived token that the module uses to authenticate when submitting xAPI statements.

It maps to:

  • The organization

  • The session context

  • Custom fields

TrainingArc backend is responsible for issuing valid session tokens before a learner launches training.

❓ Can I create multiple API keys?

Yes. You can generate as many API keys as you'd like. Each key has:

  • A name

  • Optional expiration

  • Revocation support

  • Metadata tracking (e.g. lastUsedAt)

See API Keys →

❓ Can I revoke or delete an API key?

Yes. API keys can be revoked via:

PATCH /organizations/:orgId/api-keys/:keyId

Or deleted entirely via:

DELETE /organizations/:orgId/api-keys/:keyId

Revoked keys will no longer be valid for authentication.

❓ Can I update my webhook URL?

Yes. Your organization's webhook can be updated at any time:

PATCH /organizations/:organization_id

❓ How long are signed cookies valid for?

Signed cookies returned from the module endpoint are valid for a limited time (e.g., 3 hours). This duration is configured in the CloudFront policy.

If a learner tries to load a module after the cookies expire, access will be denied.

❓ Can I preview modules without authentication?

No — all modules require valid authentication and signed access. There is no public preview URL.

❓ Where can I get support?

Please contact your platform administrator or the TrainingArc team to get help with:

  • Webhook setup

  • Module access issues

  • API usage

PreviousAuthenticationNextOrganizations Resource

Last updated