Read Only Developer Key

Status: Completed Submitted by on ‎04-12-2018 11:46 PM

Current Developer Keys allow for all HTTP verbs to be called including DELETE, PUT, UPDATE, POST whilst all analytics applications would only have read only access via GET method. Having the update or delete APIs exposed increases the chance of unintended or hostile removing the data or changing the environment unintentionally.

An analytics developer key that only provides access to the Canvas GET APIs would solve this problem.

5 Comments
d_ellis
Community Contributor
‎04-16-2018 08:14 PM

Sounds like an eminently sensible security need to me Smiley Happy

kirsty_kitto
Community Novice
‎04-16-2018 08:37 PM

And one that would make it easy for learning analytics practitioners to interface with Canvas data to build specialised applications - could make Canvas a leader for community driven development of innovative learning analytics applications...

RobDitto
Community Champion
‎07-02-2018 04:47 PM

For those interested in this idea, 

https://community.canvaslms.com/docs/DOC-14925-canvas-beta-release-notes-2018-07-02#jive_content_id_... brings a welcome new set of features. Hallelujah!

KristinL
Community Team
Community Team
‎02-09-2023 09:28 AM
Status changed to: New
 
KristinL
Community Team
Community Team
‎02-09-2023 09:32 AM
Status changed to: Completed