AnsweredAssumed Answered

Making cross-domain "Self" API calls?

Question asked by Didymus Benson on May 3, 2017
Latest reply on May 8, 2017 by Danny Wahl

The current project I'm working on has pages saved as .html files that are iframed in as the student browses. I've discovered that there will be an issue when trying to run an API call that checks the student's grades to display them on a page.

 

The trouble is that the calls in the document are coming from another instance. I'm trying to make this call:

GET [MYINSTANCE].instructure.com/api/v1/courses/[COURSEID]/analytics/users/self/assignments

When I'm "inside" that document, the file is actually on another instance, "clusterXX-files", and not my actual canvas instance.

THE BIG QUESTION:

How can we make cross-domain API calls in Canvas? What will I need to do to either access the cookie token on "clusterXX" or prove to "myinstance" that the student is the one requesting the information?

EDIT 5/4/17: Added clarification and more detail.

EDIT 5/8/17: Accepted an answer. The best thing to do is to use an LTI. I was avoiding it due to reasons I'm not at liberty to discuss. I've proposed the LTI to the people who call the shots. 

Outcomes