Using API to add enrollment generates 403 Error

[bob.in...@brin.com]

I am attempting to add either a TeacherEnrollment or a TaEnrollment to an existing course (unpublished) and keep getting both a "100 Continue" followed by a "403 Forbidden" error message.

The JSON reply is always: {"message":"No parameters given"}

I've been using the associated (admin-level) auth-token for a while without issues. It has not expired.

Here is an example using curl from the command line (auth token edited out for security reasons.) It is structured identically to the example in the API docs:

curl -v -H 'Authorization: Bearer <ACCESS-TOKEN>' 'https://test.instructure.com/api/v1/courses/273091/enrollments' -X POST -F 'user_id=1288604' -F 'type=TeacherEnrollment' -F 'notify=true'

* About to connect() to test.instructure.com port 443 (#0)

*   Trying 54.208.61.8... connected

* successfully set certificate verify locations:

*   CAfile: none

  CApath: /etc/ssl/certs

* SSLv3, TLS handshake, Client hello (1):

* SSLv3, TLS handshake, Server hello (2):

* SSLv3, TLS handshake, CERT (11):

* SSLv3, TLS handshake, Server key exchange (12):

* SSLv3, TLS handshake, Server finished (14):

* SSLv3, TLS handshake, Client key exchange (16):

* SSLv3, TLS change cipher, Client hello (1):

* SSLv3, TLS handshake, Finished (20):

* SSLv3, TLS change cipher, Client hello (1):

* SSLv3, TLS handshake, Finished (20):

* SSL connection using DHE-RSA-AES256-SHA

* Server certificate:

*        subject: OU=Domain Control Validated; CN=*.instructure.com

*        start date: 2013-04-03 04:02:12 GMT

*        expire date: 2016-05-27 19:30:48 GMT

*        subjectAltName: test.instructure.com matched

*        issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certificates.godaddy.com/repository; CN=Go Daddy Secure Certification Authority; serialNumber=07969287

*        SSL certificate verify ok.

> POST /api/v1/courses/273091/enrollments HTTP/1.1

> User-Agent: curl/7.22.0 (i686-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3

> Host: test.instructure.com

> Accept: */*

> Authorization: Bearer <ACCESS-TOKEN>

> Content-Length: 358

> Expect: 100-continue

> Content-Type: multipart/form-data; boundary=----------------------------39f213ce1e0d

>

< HTTP/1.1 100 Continue

< HTTP/1.1 403 Forbidden

< Cache-Control: no-cache

< Content-Type: application/json; charset=utf-8

< Date: Thu, 23 Jan 2014 20:23:27 GMT

< P3P: CP="None, see http://www.instructure.com/privacy-policy"

< Server: Apache

< Set-Cookie: canvas_session=<COOKIE>; path=/; secure; HttpOnly

< Status: 403

< Vary: Accept-Encoding

< X-Canvas-Meta: a=8;s=2;c=cluster2;z=us-east-1b;

< X-Canvas-User-Id: 20000001163333

< X-Frame-Options: SAMEORIGIN

< X-Request-Context-Id: 23fee220-669a-0131-9f84-0a22090fd302

< X-Runtime: 114

< X-Session-Id: 4f499fda495d99b553cb8d9fdc12e1ad

< X-UA-Compatible: IE=edge,chrome=1

< Content-Length: 33

< Connection: keep-alive

* HTTP error before end of send, stop sending

<

* Closing connection #0

* SSLv3, TLS alert, Client hello (1):

{"message":"No parameters given"}

Any ideas what I am doing wrong?

Thanks,

Bob

[bob.in...@brin.com]

No takers on this one?

The curl invocation line is right out of the API docs!

Also, this a hosted (AWS) production system, not my own build.

Any help would be most appreciated.

Bob

[Chris Herdt]

Hi Bob,

Your parameters don't match what is in the API docs:
https://canvas.instructure.com/doc/api/enrollments.html#method.enrollments_api.create

Try this instead:
curl -v -H 'Authorization: Bearer <ACCESS-TOKEN>' 'https://test.instructure.com/api/v1/courses/273091/enrollments' -X POST -F 'enrollment[user_id]=1288604' -F 'enrollment[type]=TeacherEnrollment' -F 'enrollment[notify]=true'

--
 
---
You received this message because you are subscribed to the Google Groups "Canvas LMS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to canvas-lms-use...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

--
Chris Herdt
Web Applications Developer
http://osric.com/chris/

[bob.in...@brin.com]

Thanks to Chris for providing the answer!

I think the confusion came from the curl examples embedded in the actual API controller code - if you click on the "EnrollmentsApiController#create" in the Enrollment API documentation, it takes you to the GiHub source for the controller.

The comments are supposedly directly generated form the source.

Anyway, the "curl" examples in the source show incorrect syntax.

Should've stuck with the API doc instead of the source comments.

Thanks again, Chris!

Bob

On Thursday, January 23, 2014 1:36:12 PM UTC-7, bob.in...@brin.com wrote: