What permission is needed for the "GET /api/v1/users/:user_id/courses" REST API?

Jump to solution
YunyiZhang
Community Explorer

We have created a Role with these permissions in Canvas:

  • Announcements - view
  • Conversations - send messages to individual course members
  • Course Content - view
  • Discussions - create
  • Discussions - post
  • Discussions - view
  • Grades - view all grades
  • Item Banks - manage account
  • SIS Data - read
  • Student Collaborations - create
  • Users - act as
  • Users - view list

Then we generated an "access token" for a user under that Role, and tried accessing the "/api/v1/users/:user_id/courses" API in this way: https://oohlala.instructure.com/api/v1/users/sis_login_id:abc@test.com/courses?access_token=****

The response is:  { "status": "unauthorized", "errors": [ { "message": "user not authorized to perform that action" } ] } 

In this document: https://canvas.instructure.com/doc/api/courses.html, we found this description

List courses for a user
GET /api/v1/users/:user_id/courses
Scope: url:GET|/api/v1/users/:user_id/courses
Returns a paginated list of active courses for this user. To view the course list for a user other than yourself, you must be either an observer of that user or an administrator.

We cannot find the permissions needed for the "administrator". Does anyone know what permissions we should add to our Role in order to access that API?

 

 

Labels (1)
1 Solution

Hi @YunyiZhang,

I can tell you that it works for me using a role with the following permissions:

Courses - view list

SIS Data - manage

SIS Data - read

Statistics - view

Users - manage login details

Users - view list

Users - view login IDs

Users - view primary email address

 

Some of those may be unnecessary, but it's the most limited admin role we have quickly available to test with.  I think perhaps it's the view login IDs you need in addition to the view course list, as you're using the sis_login_id as part of your API query.

-Chris

View solution in original post