cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Authentication Required

As the instructor for this particular course, when I typed a url like the following in the browser after I logon to Canvas:

https://canvas.xxxxx.edu/courses/1111/users/2222/usage.json?per_page=100 

I received a reply like the following:

while(1);[
{"asset_user_access":{"id":9402284,"asset_code":"context_external_tool_342",
"asset_group_code":"external_tools","user_id":44845,"context_id":11402,"context_type":
"Course","last_access":"2018-08-01T16:26:37Z","created_at":"2018-08-01T16:11:41Z",
"updated_at":"2018-08-01T16:26:37Z","asset_category":"external_tools","view_score":2.0,
"participate_score":null,"action_level":"view","display_name":"iBookstore","membership_type":
"StudentEnrollment","readable_name":"iBookstore","asset_class_name":"context_external_tool",
"icon":"icon-question"}},
{"asset_user_access":{"id":9399869,"asset_code":"home:course_11402",
"asset_group_code":"other","user_id":44845,"context_id":11402,"context_type":"Course",
"last_access":"2018-08-01T16:26:20Z","created_at":"2018-08-01T14:42:17Z",
"updated_at":"2018-08-01T16:26:20Z","asset_category":"home","view_score":3.0,
"participate_score":null,"action_level":"view","display_name":null,
"membership_type":"StudentEnrollment","readable_name":"Course Home","asset_class_name":null,
"icon":"icon-home"}}, ...

However, when I use python code to call the same url using the token I generated from my account. Instead I got the following response. 

<Response [401]> {     "status": "unauthenticated",     "errors": [         {             "message": "user authorization required"         }     ] }

Would anyone advise how to avoid getting this error code and be able to access the response in json file?

Thanks,

Paul

Labels (1)
3 Replies
Surveyor

Hi Paul,

This is not a typical Canvas API call, and that is probably why you get that unauthorized error. You may consider use this endpoint (Users - Canvas LMS REST API Documentation ) instead.

Best,

Mu

Community Member

Thanks Mu He, I understood that was not a typical API, but since I can still call it on a browser directly, I thought

"that endpoint should be published or publicly accessible"?

Further, I tried the following, even though I am the instructor of the course, I got the same error:

GET /api/v1/users/:user_id/page_views

On the other hand, I encounter no such errors using other APIs that does not pertain to a particular user_id, such as

the content of the forums, etc. of this course, e.g., 

GET /api/v1/courses/:course_id/users/:user_id

Perhaps there are "2 layers of authentication" that is needed, and we can do it through python code. For example,

using the generated token that I can use to do  GET /api/v1/courses/:course_id/users/:user_id, then a second 

layer that would allow one to do GET /api/v1/users/:user_id/page_views? 

Perhaps with the same second layer authentication, one can then do GET /courses/1111/users/2222/usage.json ?

paulwuhj@suss.edu.sg

There are endpoints that are used by Canvas and are only available through the web interface and not through the API. One of them is what I use to obtain the Access Report for each student in a class, which is the one that you're showing in your code. Another is one that I use to create a rubric from a spreadsheet. Another was when I assigned peer reviews to everyone in a group (that might have had an API call, but the internal call was faster and easier).

For this kind of call, you need to be inside a browser. They do not recognize the access token used for the API, they use the csrf token cookie instead. One possibility is to run a headless browser that logs you into Canvas and then makes the non-API calls for you. While possible, it's definitely an advanced technique normally reserved for when all else fails and you really, desperately need something. I recently figured out how to do this with Arc (Instructure's video platform) -- at least I run a headless browser long enough to get an access token that I can then use.

The endpoint that Mu gave you is for page views. It requires admin access to view since it is not limited to a single course. Your teacher access does not have sufficient permissions to access that call, just like you can't access the page views within Canvas. The API uses the same permissions as the web interface, so you won't be able to access something through the API if you don't have the permissions to do so in the web version. Other calls are ones that you have permissions to access as a teacher and so those work.