[ARCHIVED] Secure exchange of api key and lti key and secret / onboarding flow
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, I am working on an external app that uses the canvas API and also involves LTI.
So there needs to be some sort of secure exchange with user/client of them giving us a canvas api key (and canvas instance url), and us giving them an LTI key & secret. Im curious how other apps handle this exchange in their onboarding flow and manage to do it securely (not email right?)
thanks for help/pointers - mark gibson
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @mgibson2,
You'll want to look over this for the specifics https://canvas.instructure.com/doc/api/api_token_scopes.html but if it's looking for auth in my experience it uses a server or url to auth that is the consumer key and secret key as those are what allow the connection in this case.
This discussion post is outdated and has been archived. Please use the Community question forums and official documentation for the most current and accurate information.