Community help

NoelSaliba · ‎08-26-2022

We are building an integration from the Canvas Gradebook to our SIS for K-12 Assessment Reporting through the available REST API. I am not 100% certain this is the correct API call to get the grades however it seems to be the closest.

My problem is that when I make the GET API call to the /v1/courses/<course id>/gradebook_history/feed I receive the following message

"user not authorised to perform that action"

When I log into Canvas as the same user as the "Access Token" user, I can see the gradebook history I am trying to retrieve.

Is this a user permission issue or setting? Should I be using a different call?

Thank you in advance.

StephanieGilber · ‎10-15-2022

thank you

View solution in original post

James · ‎10-16-2022

I thought this had been answered, but I don't see the response. If the access token works for the user but not the "admin" or "teacher", then it is possible that you need to masquerade as the user by passing a query parameter of as_user_id.

This normally shows up in API calls that do not allow a user_id. In those cases, it defaults to the user making the API call.

The forbidden error can also happen in other cases. I've seen admin tokens that won't fetch information when teacher tokens will. It's because the admin doesn't have an enrollment in that class to fetch the information. If the token allows masquerading, then they can pretend to be the other user.

For the submissions request, it may be something completely different. If you do not specify student_ids[] in the query parameter, then you will get the unauthorized error. If you want the student submissions for all students, then you need to have a query parameter of student_ids[]=all.

View solution in original post

SanjeevBanerje1 · ‎10-15-2022

I am also facing the same error while using GET /api/v1/courses/:course_id/students/submissions

StephanieGilber · ‎10-15-2022

thank you

James · ‎10-16-2022

I thought this had been answered, but I don't see the response. If the access token works for the user but not the "admin" or "teacher", then it is possible that you need to masquerade as the user by passing a query parameter of as_user_id.

This normally shows up in API calls that do not allow a user_id. In those cases, it defaults to the user making the API call.

The forbidden error can also happen in other cases. I've seen admin tokens that won't fetch information when teacher tokens will. It's because the admin doesn't have an enrollment in that class to fetch the information. If the token allows masquerading, then they can pretend to be the other user.

For the submissions request, it may be something completely different. If you do not specify student_ids[] in the query parameter, then you will get the unauthorized error. If you want the student submissions for all students, then you need to have a query parameter of student_ids[]=all.

Gradebook History API Call Returns "user not authorised to perform that action"

Canvas

SIS

add `desc` or `asc` to a few api calls that are al...

Integrate a React App (Not Canvas) to be Canvas LM...

Donot have valid data to test certain APIs

Getting Canvas LTI Data

Prevent Faculty From Using "EX" grade in Gradebook

UI for weekly progression idea

Is the ‘Enable self assessment’ field available in...

Canvas Rubrics API Criteria

api/v1/courses/sis_course_id:{id#}/sections - Not ...

add `desc` or `asc` to a few api calls that are al...

You're signed out

Gradebook History API Call Returns "user not authorised to perform that action"

Community help

View our top guides and resources: