cancel
Showing results for 
Search instead for 
Did you mean: 
shauck
Surveyor II

API Integration best practice- roster exchange

I’m looking for someone who has implemented the Roster Exchange API Integration for Barnes and Noble, and/or is knowledgeable regarding best practices regarding user access tokens vs developer keys for guidance.  Roster exchange is part of what they are calling their "First Day" program.

The Roster Exchange API uses the user access token method, rather than a developer key.  I have created a customized role for this API use, limited to the fields they say they need, but they say they need to be able to list all courses, read SIS data, view all users and more.  So, administrator rights over the entire instance, although not manage rights.   With the new Developer Key token scoping that went into beta today, rather than rely on the user token, should I ask them to reprogram to use a developer key, as I think it will allow for more limited permissions?  Or does creating a custom role and user for creating the user access token really achieve the same thing?   Community input would be much appreciated. 

While I have found useful links in the community (canvas API’s and admin guide) and others, I worry I don’t know what I don’t know.  Our IT department has not responded; I believe because they don’t have familiarity with APIs in general or certainly Canvas in particular.

2 Replies
RhondaB
Learner II

Did you ever find answers to your questions? Our college is considering installing the Barnes & Noble First Day LTI and I would love to hear from anyone who has successfully installed and used it. 

I would also like to know if this LTI makes it's course menu links enabled in every course by default, or are their links disabled by default? Can this be controlled by the admin?

jschreier
Surveyor

We are starting "First Day" in the fall and I have these same questions. I'm concerned about the student data that B&N is gaining access to. I would love to hear from anyone who has done "First Day" about how they handled the Roster Exchange API integration.