cancel
Showing results for 
Search instead for 
Did you mean: 
themidiman
Explorer III

API endpoint permissions for /courses

Jump to solution

Unless I've not read the docs correctly, shouldn't an instructor API token be able to use the GET /v1/courses/{id} endpoint to see information about a single course for which they are enrolled as the instructor? I'm getting "status":"unauthorized" using the live api. 

If not I'm having a hard time finding in the permissions matrix where this can be rectified.

0 Kudos
1 Solution

Accepted Solutions

Thanks  @maguire ,


That was the issue. My instructor role was not in the actual course section because it was crosslisted into a different course. I was thinking the role carried over to both sections by virtue of cross-listing the child course into the parent course.

View solution in original post

0 Kudos
6 Replies
sam_ofloinn
Community Member

You are getting "status: unauthorised" probably because your account isn't set to have permissions to request data from this endpoint. Contact the managers in your organisation, ask them to authorise your account. Depending on your place's setup, you may have to be re-authorised over regular time intervals (e.g monthly)

Thanks for the response!

So...would this be done using the permissions matrix? For the record I admin a test instance of Canvas where I did my initial testing. I need to tell our admins what permission to tweak for the instructor role on our production instance. I can't just tell them to "fix" it without giving them exact information about what to fix. 

Any suggestions?

Honestly I would not know, I've not managed such permissions myself. I'd assume that whoever in your organisation has such access would know for certain which to tweak. That said, the permissions matrix might be a good place to start.

So this is the issue: I'm one of the individuals at our organization that should know what this tweak should be. Maybe it's a bug that needs to be escalated to support. I'll go that route until someone else who is reading this knows exactly what the magic permission tweak is supposed to be. 

maguire
Adventurer II

Have you tried it out via https://xxx/doc/api/live where xxx is your canvas instance?

I was able to do this as a student in a course or as a teacher in a course (within a Canvas instance built from source code). However, if the user is not in the course, then I get a response of 

{   "status": "unauthorized",   "errors": [     {       "message": "user not authorized to perform that action"     }   ] }

The reason for the unauthorized result is that the code in app/controllers/courses_controller.rb

does a check of the user's permissions and looks for the permissions :read or :read_as_admin.

Thanks  @maguire ,


That was the issue. My instructor role was not in the actual course section because it was crosslisted into a different course. I was thinking the role carried over to both sections by virtue of cross-listing the child course into the parent course.

View solution in original post

0 Kudos