Secure API Requests to External System From Custom JS

Found this content helpful? Log in or sign up to leave a like!

I have added an AJAX request in the custom js file that I've uploaded to Canvas. That AJAX request is currently not secure. I would like to add some layer of authentication, however, it seems that all the available tools will not accommodate this idea, unless there's just something I'm missing.

What I need is for Canvas to ask SERVER A (my server) for a an access token, and then pass that token on to the JS so it can be attached to the AJAX request. It seems like any other scheme I might come up with whereby the JS generates the token will not be secure because that's happening on the client's computer.

I thought about using a Canvas event, but those events don't fire in real time.

I thought about getting the JS to call on a Canvas LTI app, which in turns asks SERVER A for a token using the Oauth2 credentials sent by the LTI APP, but calling the LTI app from JS returns a 403 error.

I wish there was some pre-load hook that I can use to have Canvas poll data from SERVER A and pass that on to the JS ENV variables or something, but not having that, can anyone think of any other ideas?

0 Replies

Need help? Sign up or log in to interact with Panda Bot

Secure API Requests to External System From Custom JS

add `desc` or `asc` to a few api calls that are al...

Integrate a React App (Not Canvas) to be Canvas LM...

Donot have valid data to test certain APIs

Getting Canvas LTI Data

Prevent Faculty From Using "EX" grade in Gradebook

Is the ‘Enable self assessment’ field available in...

Canvas Rubrics API Criteria

api/v1/courses/sis_course_id:{id#}/sections - Not ...

add `desc` or `asc` to a few api calls that are al...

Integrate a React App (Not Canvas) to be Canvas LM...

You're signed out

Secure API Requests to External System From Custom JS

Community help

View our top guides and resources: