What permission is needed for the "GET /api/v1/users/:user_id/courses" REST API?
We have created a Role with these permissions in Canvas:
- Announcements - view
- Conversations - send messages to individual course members
- Course Content - view
- Discussions - create
- Discussions - post
- Discussions - view
- Grades - view all grades
- Item Banks - manage account
- SIS Data - read
- Student Collaborations - create
- Users - act as
- Users - view list
Then we generated an "access token" for a user under that Role, and tried accessing the "/api/v1/users/:user_id/courses" API in this way: https://oohlala.instructure.com/api/v1/users/sis_login_id:abc@test.com/courses?access_token=****
The response is: { "status": "unauthorized", "errors": [ { "message": "user not authorized to perform that action" } ] }
In this document, https://canvas.instructure.com/doc/api/courses.html, we found this description:
List courses for a user
GET /api/v1/users/:user_id/courses
Scope: url:GET|/api/v1/users/:user_id/courses
Returns a paginated list of active courses for this user. To view the course list for a user other than yourself, you must be either an observer of that user or an administrator.
We cannot find the permissions needed for the "administrator". Does anyone know what permissions we should add to our Role in order to access that API?
Hi @YunyiZhang,
I can tell you that it works for me using a role with the following permissions:
- Courses - view list
- SIS Data - manage
- SIS Data - read
- Statistics - view
- Users - manage login details
- Users - view list
- Users - view login IDs
- Users - view primary email address
Some of those may be unnecessary, but it's the most limited admin role we have quickly available to test with. I think perhaps it's the view login IDs you need in addition to the view course list, as you're using the sis_login_id as part of your API query.
-Chris
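
For reference, the call from the question with the token sent in an `Authorization: Bearer` header instead of the `access_token` query parameter, so it stays out of logged URLs, and with the reply classified from its JSON body. This is an added example, not code from either poster; the host `canvas.example.edu`, the token placeholder and the helper names are assumptions.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

API_PATH = "/api/v1/users/{user_ref}/courses"  # endpoint quoted in the question


def build_request(base_url, sis_login_id, token):
    """Build the GET request with the token in a header, not the query string."""
    # Percent-encode the login ID so '@' and similar characters stay in one path segment.
    user_ref = "sis_login_id:" + urllib.parse.quote(sis_login_id, safe="")
    url = base_url.rstrip("/") + API_PATH.format(user_ref=user_ref)
    return urllib.request.Request(url, headers={"Authorization": "Bearer " + token}, method="GET")


def classify(status, body):
    """Turn a reply into (outcome, detail) so a permission failure is explicit."""
    try:
        data = json.loads(body)
    except ValueError:
        return ("unexpected", "HTTP %d" % status)
    if isinstance(data, dict) and data.get("status") == "unauthorized":
        messages = [e.get("message", "") for e in data.get("errors", [])]
        return ("permission_denied", "; ".join(messages))
    if status == 200 and isinstance(data, list):
        return ("ok", "%d course(s) on this page" % len(data))
    return ("unexpected", "HTTP %d" % status)


def list_courses(base_url, sis_login_id, token):
    """Send the request; HTTP error replies are classified rather than raised."""
    req = build_request(base_url, sis_login_id, token)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return classify(resp.status, resp.read().decode())
    except urllib.error.HTTPError as err:
        return classify(err.code, err.read().decode())


# Constructed sample: the error body quoted in the question. Host and token below are placeholders.
SAMPLE_DENIED = (
    '{"status": "unauthorized", "errors": '
    '[{"message": "user not authorized to perform that action"}]}'
)

if __name__ == "__main__":
    print(build_request("https://canvas.example.edu", "abc@test.com", "PLACEHOLDER_TOKEN").full_url)
    print(classify(401, SAMPLE_DENIED))
```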