cancel
Showing results for 
Search instead for 
Did you mean: 
jfountain
Learner II

Securing Canvas Grade Push

For those who have implemented the Canvas Grade Push option:

 

  • Our developers have been told that Canvas does not have the ability to secure data transfer for the Grade Push feature using tokens.
  • We are interested in how other schools are securing the data transfer.

 

Thank you for any help you can provide.

3 Replies
kona
Community Coach
Community Coach

 @jfountain  , greetings! I'm not sure of the answer to this question, but I'm going to share it with the Canvas Admins‌ and Canvas Developers‌ groups to see if they can help.

Kona

psjohnson
Community Member

Just to elaborate on Julie's question a bit - I am the technical lead here at KCU.  I work with Julie on the development team implementing the integrations of our internal systems to/from Canvas.  From what I've seen and heard, the "Grades Push" feature will post a grades file to a given URL that we set up on our side which should then be capable of processing the posted file and populate our SIS with the grades information. 

As it stand, the "Post" is not set up to use any security protocol at all.  Yes, I'm sure we could use SSL to do the post, but that does not hinder a savvy user from posting a grades file to the URL and have it processed outside of the Canvas system.  A higher level of security is needed.  One that would require some sort of credentials showing the Poster is authorized to send that file over.  We have a Service Layer here that use use successfully with other partners to transfer data to/from our university.  At the security core is the use of oAuth2 authentication which requires the usage of a security token that contains the user information and other "claims" for features and services on our system.  The Canvas grades push does not support this level of security.

Right now, we will probably go down the path of using the API to extract that information.  However, if there is anyone who has successfully secured this transmission, please let us know.  We would love to know how you did it.

 @canvas_admin ‌

Canvas Developers

#internet security

#content security policy

chofer
Community Coach
Community Coach

Hello there,  @jfountain  and  @psjohnson ...

I am reviewing some of the older questions here in the Canvas Community, and I came across your question.  While I don't necessarily have an answer for you, I did want to check in with you both because I noticed there hasn't been any new activity in this topic since June 5, 2019.  Have you been able to come up with any solutions on your own that you'd be willing to share back here in this topic?  Are you still looking for some help with this question?  If you could please come back to this topic to provide an update for us, that would be helpful.  For the time being, I am going to mark your question as "Assumed Answered" because there hasn't been any new activity in this topic for six months.  However, that won't prevent you or others from posting additional questions and/or comments below that are related to this topic.  I hope that's alright with you both.  Looking forward to hearing back from you soon, Julie and Paul.