cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
dhagood
New Member

API Priviliges Levels

I am exploring what information I can access through the API. I have access to several courses at the TA / Instructor level.

I've see that some requests require admin privileges, but only after I make a request and examine the body of the response. My question is this: Is there a way to tell which GET requests will require admin-level privileges?

My current approach is checking all the GET method API calls, and making a list of those I cannot access. It would be helpful if there is some heuristic to know what content will not be accessible to me at the TA / Instructor level.

Tags (2)
0 Kudos
1 Reply
James
Community Champion

That's a loaded question. The answer is that what you can do depends on what permissions you've assigned the teacher/TA. Some schools give them permissions to view all grades or to masquerade as other users. Other schools don't.

One thing is that anything that says "List your ..." or "Current user" and doesn't have the ability to put in a user_id are going to need permissions of the user, or the ability to masquerade as the user with the as_user_id= query parameter.  You can quickly search for those by pulling up the All API Resources page from the documentation,  and do a search for "current user"

GET /api/v1/accounts

GET /api/v1/course_accounts

GET /api/v1/appointment_groups

GET /api/v1/users/:user_id/courses/:course_id/assignments

GET /api/v1/courses/:course_id/assignments/:assignment_id/overrides

GET /api/v1/courses/:course_id/assignments/overrides

GET /api/v1/calendar_events

and so on. I'm only up through Calendar Events, but I've got to go pick up the kids right now.

Many of the API calls require some kind of permissions to use (other than just being a Canvas user).