Assignments

Assignments tie a piece of training (a category, module, topic, course, or scenario) to a user, team, or the whole organization with a deadline. The same records back the SARIF auto-assignment flow. All endpoints sit under /api/public/v1/assignments.

Endpoints

Method	Path	Scope	Purpose
GET	`/assignments`	`assignments:read`	List assignments with aggregate progress.
GET	`/assignments/{id}`	`assignments:read`	Single assignment plus per-user progress.
POST	`/assignments`	`assignments:write`	Create an assignment. Fires `assignment.created`.
PATCH	`/assignments/{id}`	`assignments:write`	Update deadline, mandatory flag, note, or active state.
DELETE	`/assignments/{id}`	`assignments:write`	Deactivate. Progress records are preserved.

Assignee and content vocabulary

Every assignment carries an assigneeType + assigneeId pair, and a contentArea + targetType + targetId triple. The legal values:

Field	Legal values	Meaning of `targetId` / `assigneeId`
`assigneeType`	`user`, `team`, `org`	For `user` and `team` the `assigneeId` is the corresponding UUID. For `org` the id is your organization id.
`contentArea`	`practice`, `learn`	`practice` is hands-on challenges; `learn` is courses and scenarios.
`targetType` for `practice`	`category`, `module`, `topic`	String slug, e.g. `web`, `owasp-top-10`, `sql-injection`.
`targetType` for `learn`	`course`, `scenario`	String slug, e.g. `owasp-top-10-2025`, `phishing-call-2025`.
`targetType` for either area	`custom-course`	UUID of a custom course (see Custom Courses). The course's items dictate which practice topics and/or learn scenarios are tracked for completion.

List assignments

Returns every assignment in the organization, active and inactive, with denormalized progress aggregates.

GET /api/public/v1/assignments
Authorization: Bearer scs_live_…

Response

[
  {
    "id": "d7c8a1b2-3e45-4f67-89ab-cd0123456789",
    "contentArea": "practice",
    "assigneeType": "team",
    "assigneeId": "4f8d3e2a-71cb-4d09-9ad7-5b8c7e1f0a32",
    "assigneeName": "Payments",
    "targetType": "topic",
    "targetId": "sql-injection",
    "targetTitle": "SQL Injection",
    "deadline": "2026-06-12T23:59:59Z",
    "isMandatory": true,
    "isActive": true,
    "isOverdue": false,
    "avgProgress": 42.5,
    "totalAssignees": 12,
    "completedAssignees": 3,
    "createdAt": "2026-05-29T08:00:00Z"
  }
]

Example

curl -sS -H "Authorization: Bearer $SCH_API_KEY" \
  https://api.limeplate.com/api/public/v1/assignments

Get assignment

Same fields as the list entry, plus the assigner's display name, the optional note, and a per-user progress array suitable for compliance reports.

GET /api/public/v1/assignments/{assignmentId}
Authorization: Bearer scs_live_…

Response

{
  "id": "d7c8a1b2-3e45-4f67-89ab-cd0123456789",
  "contentArea": "practice",
  "assigneeType": "team",
  "assigneeId": "4f8d3e2a-71cb-4d09-9ad7-5b8c7e1f0a32",
  "assigneeName": "Payments",
  "targetType": "topic",
  "targetId": "sql-injection",
  "targetTitle": "SQL Injection",
  "deadline": "2026-06-12T23:59:59Z",
  "isMandatory": true,
  "isActive": true,
  "isOverdue": false,
  "note": "Follow-up to the May audit finding.",
  "assignedByName": "API Key: CI Ingestion",
  "avgProgress": 42.5,
  "totalAssignees": 12,
  "completedAssignees": 3,
  "createdAt": "2026-05-29T08:00:00Z",
  "userProgress": [
    {
      "userId": "b1a4d7c2-9e58-4f3a-83cd-2c6f1a90e7b4",
      "name": "Jane Smith",
      "email": "jane.smith@acme.com",
      "totalChallenges": 8,
      "completedChallenges": 8,
      "progressPercent": 100,
      "completedAt": "2026-06-04T10:18:42Z",
      "isOverdue": false
    }
  ]
}

Example

curl -sS -H "Authorization: Bearer $SCH_API_KEY" \
  https://api.limeplate.com/api/public/v1/assignments/d7c8a1b2-3e45-4f67-89ab-cd0123456789

Create assignment

Creates the assignment and fires assignment.created. If the assignee is a team or the organization, per-user progress rows are materialized for every member at creation time, so the response of GET /assignments/{id} is immediately complete.

POST /api/public/v1/assignments
Authorization: Bearer scs_live_…
Content-Type: application/json

Request body

Field	Type	Required	Meaning
`assigneeType`	string	yes	`user`, `team`, or `org`.
`assigneeId`	uuid	yes	User id, team id, or organization id depending on type.
`contentArea`	string	yes	`practice` or `learn`.
`targetType`	string	yes	See the vocabulary table above.
`targetId`	string	yes	Slug or id of the category, module, topic, course, or scenario.
`deadline`	ISO 8601	yes	Due date and time in UTC.
`isMandatory`	bool	no	Defaults to `true`. Non-mandatory assignments don't block compliance reports.
`note`	string	no	Free-text shown to the assignee in the dashboard.

Response

{
  "id": "d7c8a1b2-3e45-4f67-89ab-cd0123456789",
  "contentArea": "practice",
  "assigneeType": "team",
  "assigneeId": "4f8d3e2a-71cb-4d09-9ad7-5b8c7e1f0a32",
  "assigneeName": "Payments",
  "targetType": "topic",
  "targetId": "sql-injection",
  "targetTitle": "SQL Injection",
  "deadline": "2026-06-12T23:59:59Z",
  "isMandatory": true,
  "isActive": true,
  "isOverdue": false,
  "avgProgress": 0,
  "totalAssignees": 12,
  "completedAssignees": 0,
  "createdAt": "2026-05-29T08:00:00Z"
}

Example

curl -sS -X POST \
  -H "Authorization: Bearer $SCH_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "assigneeType": "team",
    "assigneeId": "4f8d3e2a-71cb-4d09-9ad7-5b8c7e1f0a32",
    "contentArea": "practice",
    "targetType": "topic",
    "targetId": "sql-injection",
    "deadline": "2026-06-12T23:59:59Z",
    "isMandatory": true,
    "note": "Follow-up to the May audit finding."
  }' \
  https://api.limeplate.com/api/public/v1/assignments

Update assignment

Any subset of deadline, isMandatory, note, and isActive can be sent. Omitted fields are left as-is. Use isActive: false as a non-destructive equivalent to DELETE.

PATCH /api/public/v1/assignments/{assignmentId}
Authorization: Bearer scs_live_…
Content-Type: application/json

Request body

Field	Type	Meaning
`deadline`	ISO 8601	New due date.
`isMandatory`	bool	Flip the mandatory flag.
`note`	string	Replace the note. Send empty string to clear.
`isActive`	bool	Activate or deactivate without affecting progress.

Response

{
  "message": "Assignment updated"
}

Example

curl -sS -X PATCH \
  -H "Authorization: Bearer $SCH_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "deadline": "2026-06-26T23:59:59Z",
    "note": "Extended after sprint planning."
  }' \
  https://api.limeplate.com/api/public/v1/assignments/d7c8a1b2-3e45-4f67-89ab-cd0123456789

Deactivate assignment

Sets isActive to false. The assignment no longer appears in the assignee's "My assignments" view and stops contributing to compliance metrics, but historical progress records are preserved so reports for past periods still resolve.

DELETE /api/public/v1/assignments/{assignmentId}
Authorization: Bearer scs_live_…

Response

{
  "message": "Assignment deactivated"
}

Example

curl -sS -X DELETE \
  -H "Authorization: Bearer $SCH_API_KEY" \
  https://api.limeplate.com/api/public/v1/assignments/d7c8a1b2-3e45-4f67-89ab-cd0123456789

Webhook events

Creating an assignment via POST /assignments fires assignment.created once. When any single assignee reaches 100% progress on the underlying target, assignment.completed fires for that user — for team and org assignments this means one event per member reaching 100%, not one event for the whole assignment. Both events include the assignment id and the assignee identity. Subscribe and verify signatures via /docs/api/webhooks.