Authenticate via OAuth 2.0 to obtain a bearer token with the appropriate enrollment management scope for the Brightspace tenant
Resolve the target user's Brightspace userId by calling GET /d2l/api/lp/{ver}/users/?userName={username} if you only have a username or email
Resolve the courseOfferingId (OrgUnitId) for the target course offering via GET /d2l/api/lp/{ver}/orgstructure/?orgUnitType=3 or by known ID
POST /d2l/api/lp/{ver}/enrollments/ with a JSON body containing OrgUnitId, UserId, and RoleId (e.g., 110 for Student role) to create the enrollment
Confirm the 200 response body contains the enrollment details including the resolved role and org unit; a 409 indicates the user is already enrolled
To unenroll, DELETE /d2l/api/lp/{ver}/enrollments/orgUnits/{orgUnitId}/users/{userId} to remove the enrollment without deleting the user or course
Known gotchas
RoleId values are not standardized across Brightspace tenants — the integer ID for 'Student' in one institution's deployment will differ from another; retrieve the role list via GET /d2l/api/lp/{ver}/roles/ to map role names to IDs for the specific tenant
Enrolling a user in a course offering that is outside its enrollment window may succeed at the API level but leave the user unable to access the course due to date-based visibility restrictions — verify the course's start/end dates
Brightspace distinguishes between course offering (leaf node) and course template (parent) org units; POSTing an enrollment to a course template ID instead of a course offering ID returns a 400 error with a non-obvious message
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp