AnsweredAssumed Answered

Student access token privileges

Question asked by Giddy Gitnik on Jun 5, 2018
Latest reply on Jun 22, 2018 by Giddy Gitnik

Is there a difference between manually generated user access token vs token generated using developer’s key and oAuth protocol? Difference as in terms of privileges granted by the token? It seems logical that no matter the way generated - the token will have privileges as the user themselves, but I’m not sure.

 

Also, Is there a way for a student user to look at their own page views using API? I’ve generated token as a student, and tried fetching my page views but I get the error that I’m not authorized to see it (and neither am I as a teacher). As a student I also can’t see reports on my quizzes, statistics, quiz questions, quiz submission questions, and quiz submission events. Many of those seems logical for a student to be able to view, since they are the ones generating data. What privileges does a student’s access token have in terms of fetching data and metadata generated by the student? It’s more that discouraging to see that student is not authorized to see submission events, quiz submissions and results, and page views.

 

Here are some of the API endpoints that student is not authorized to access:

 

https://canvas.instructure.com/doc/api/quiz_submission_events.html#method.quizzes/quiz_submission_events_api.index
https://canvas.instructure.com/doc/api/quiz_questions.html#method.quizzes/quiz_questions.show
https://canvas.instructure.com/doc/api/quiz_submission_questions.html#method.quizzes/quiz_submission_questions.index
https://canvas.instructure.com/doc/api/quiz_reports.html#method.quizzes/quiz_reports.index
https://canvas.instructure.com/doc/api/quiz_statistics.html#method.quizzes/quiz_statistics.index

Outcomes