cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
fosterl
Community Contributor

Issuing API Keys for Catalog

Have other institutions issued API Keys for Catalog development? We have just done our first one, so far only in Beta. It's a bit concerning, because we have various units at our institutions in subcatalogs, and providing an API Key is for the entire Catalog, not limitable to subcatalogs. I don't even see in the API calls where it is possible to make subcatalog-specific API calls, nor can I scope the API calls to GET only or something. So an API Key is wide open for any and all API calls.

Just curious if others are doing this, what precautions you're taking or wish you could take. I know it's expecting a lot for Catalog's API Key functionality to be as sophisticated as Canvas is now, but one can always hope!

3 Replies
jsowalsk
Advocate

This would be a great topic for our call tomorrow,  @fosterl ‌. Please add it to the agenda.

0 Kudos
fosterl
Community Contributor

This was discussed in the 2/14/20 Catalog User Group meeting, just putting notes here for those who did not attend. It was suggested that, since our institution already downloads and uses Canvas Data, the developer might be able to get the Catalog information they need from Canvas Data, instead of accessing Catalog with an API Key. If this project moves forward, we will look into that!

Hi Lindy,

Please reach out if you need anything.

Jessica

0 Kudos