Community Help

Nancy_Webb_CCSF

Is there any way to prevent students from using API? Blocked only for those with a student role in a course.

Thanks, it's doubtful but thought I would ask.

chriscas

I think the answer here is a big maybe, depending on exactly what you'd like to do...

The Admin Manage Access Tokens feature option was released last year and basically puts admins in control of generating user API tokens. If you turn this on, the only users who could create tokens would be admins with the correct permissions. We turned this on at my institution as we have very low "approved" use of API tokens vs the number of unwanted uses before this feature was available. You could have something similar or very different from us, so this needs careful consideration.

Even with the above feature turned on, students (or any users really) will still technically be making API calls through developer keys. The Canvas mobile apps are great examples of this as they make heavy use of the API to function. Along the same lines, the web version of Canvas even makes use of API calls behind the curtains. So with this in mind, you really can't totally shut off the API for anyone without basically breaking Canvas.

This is just a quick overview off the top of my head. Let us know if this helps, if you have questions, would like more info, etc...

-Chris

View solution in original post

chriscas

Hi @Nancy_Webb_CCSF,

I think the answer here is a big maybe, depending on exactly what you'd like to do...

The Admin Manage Access Tokens feature option was released last year and basically puts admins in control of generating user API tokens. If you turn this on, the only users who could create tokens would be admins with the correct permissions. We turned this on at my institution as we have very low "approved" use of API tokens vs the number of unwanted uses before this feature was available. You could have something similar or very different from us, so this needs careful consideration.

Even with the above feature turned on, students (or any users really) will still technically be making API calls through developer keys. The Canvas mobile apps are great examples of this as they make heavy use of the API to function. Along the same lines, the web version of Canvas even makes use of API calls behind the curtains. So with this in mind, you really can't totally shut off the API for anyone without basically breaking Canvas.

This is just a quick overview off the top of my head. Let us know if this helps, if you have questions, would like more info, etc...

-Chris

Nancy_Webb_CCSF

Thanks for responding @chriscas. I sure wouldn't want to interfere with app generated APIs. I wasn't aware of the 9/21/24 update that gave admins the ability to limit who can create tokens, that's a great feature. It is the user ability to create their own access tokens we would like students to be denied. I believe the app APIs wouldn't be affected by this. We would want teachers to be able to create tokens, but maybe we can figure out a way to handle those, an automated form.

dbrace

@chriscas, when using that feature option, have your user's experienced any problems with textbook publisher integrations or the mobile app?

I have thought about enabling this feature option but I do not have a full grasp over the side effects.

-Doug

chriscas

Hi @dbrace,

Nope, no problem with those, as they'd all happen through a developer API key, which is not affected by this feature. The feature just restricts people from making personal API keys on their own.

-Chris

Nancy_Webb_CCSF

Ha, I just learned from Support that students are already unable to create their own API keys! The admin permission must apply to keys for teachers, TAs etc.

I was investigating suspicious Access Report activity and thought it might have come from APIs, but it might be coming from browser extensions or bots instead.

Student use of API

Admin

Canvas Grading Schemes

Quiz generation via AI. Does anyone have a really ...

Viewing The To-Do List In The Web Version Like in ...

Assignment Comments Grading UX Issue with Assignme...

Can't edit an imported quiz to change formula inpu...

Canvas Grading Schemes

Quiz generation via AI. Does anyone have a really ...

Test answers not showing

Left Nav Bar

Viewing The To-Do List In The Web Version Like in ...

You're signed out

Student use of API

Community Help

View our top guides and resources: