The first step is to go to the Site administration, then Plugins, then Web Services.
On this page Moodle should provide you with a guide on how to set up a web service, and a Moodle user for that web service. You should do that.
We've also provided a screenshot of the guide below, if your version of Moodle doesn't show the guide.

Step 1: As you can see you should first Enable web services
Step 2: Then you need to enable the rest protocol (also called the REST protocol).
Step 3:
Then you should create a user – it should have the name Peergrade webservice user and the shortname peergrade-webservice-user
The user must have a password, and the authentication method must not be "No login". (See: The Moodle API docs) We suggest setting the authentication method to "Manual accounts" then setting a password, and then changing the authentication method to "Web services authentication".
It is also important that the "Force password change" is not checked.
Step 4: Important!
Create a role called with the shortname peergrade-webservice-role and the name Peergrade webservice role. You can create this role under Site administration > Users > Permissions > Define roles.
Under Context types where this role may be assigned you should choose "System".
Under capabilities you should find and allow these capabilities:

Use REST protocol
webservice/rest:use

###########################################################
### The following capabilities are needed for importing ###
### students from Moodle on app.peergrade.io (not using ###
### LTI)                                                ###
###########################################################
See full user identity in lists
moodle/site:viewuseridentity

View courses without participation
moodle/course:view

View participants
moodle/course:viewparticipants

View user profiles
moodle/user:viewdetails

View hidden details of users (Moodle states that this is needed for `core_user_get_users_by_field` but it seems that it's not strictly required)
moodle/user:viewhiddendetails

Enable/disable email address (Moodle states that this is needed for `core_user_get_users_by_field` but it seems that it's not strictly required)
moodle/course:useremail

Update user profiles (Moodle states that this is needed for `core_user_get_users_by_field` but it seems that it's not strictly required)
moodle/user:update

###########################################################
### The following capabilities are needed for importing ###
### groups and groupings from Moodle when using LTI     ###
###########################################################
Access all groups
moodle/site:accessallgroups

Manage groups
moodle/course:managegroups

When you've saved the role, go to
Site administration > Users > Permissions> Assign system roles
Click the "Peergrade webservice role" and then on the next page move "Peergrade webservice user" from the Potential users to the Existing users column.
Step 5:
Go to
Site administration > Plugins > Web services > External services
and add a web service with the name Peergrade web service and the shortname peergrade-web-service
Check the box Authorised users only.

Add the functions:

core_enrol_get_enrolled_users: Get enrolled users by course id

core_enrol_get_users_courses: Get the list of courses where a user is enrolled in

core_group_get_course_groupings: Returns all groupings in specified course

core_group_get_groupings: Returns groupings details

core_group_get_group_members: Returns group members

core_user_get_users_by_field: Retrieve users' information for a specified unique field

Back in the overview of external services (Site administration > Plugins > Web services > External services) click the Authorised users link in the row with Peergrade webservice. Here you should add the Peergrade webservice user to the list of authorised users.
Step 8:
At the bottom of the Web services page in the Site administration
(Site administration > Plugins > Web services) click the "Add" link under the Manage tokens section.
On this page, for User you should select the Peergrade webservice user
And for Service you should select Peergrade webservice
The IP restriction field can be left blank, and the Valid until fields can be left unchanged (disabled).

You should send the newly generated token to cto@peergrade.io

Did this answer your question?