I am developing a set of applications that uses oath2 authentication to communicate with canvas. These applications will be used in a variety of courses, and I have been successful in communicating with canvas through the API as needed so far.
My question though, is that some applications will require a "current course" id. I am able to get a list of courses a student is enrolled in, but being outside canvas, I have no way of determining which course the student linked to the activity from.
I can of course send the information along with the link (post data), but this would be susceptible to alteration by a knowledgeable user.
Are there any best practices for this I am not aware of?