We were wondering if anyone has developed a vetting and renewal process for giving third party applications developer keys for their Canvas instance? I already messaged  @joseph_allen ‌ but then I thought, "why not post this to the Canvas Admin area too?" We have recently had a few schools that purchased access to some online training or secure browsers for testing that require a developer key to be setup and function. This means they get a developer key for the whole instance even though their LTI just exists in a sub account for the school in question. carroll-ccsd and I feel that we need something in place showing that they're FERPA compliant, safeguard our data, and at the contract's end they destroy or give us the data. What are other people doing? Beyond the vetting we are working on the procedure to renew (or not) the dev key annually without causing us a ton more work when we're dealing with 364+ schools.