Skip to first unread message
olmetr...@gmail.com
Aug 28, 2014, 5:01:00 PM8/28/14
to valenc...@googlegroups.com
We are interested in standing up several training websites that provide just in time information for faculty but also include assessments that communicate performance back to BrightSpace. We have somewhat successfully used the Valence API for Gradebooks but don't know the best practice for this situation.
We want users to get authenticated through BrightSpace with a callback to our training website. Considerable time might pass between authentication and the reporting of an assessment. Perhaps 1 hour.
Will a signed REST call still be valid, given that the signature is time-stamped?
Is there a better way of handling the authentication? It seems a bit clumsy to have the user access the training site, be routed to the LMS login in page and then re-routed back to the training. Is there an alternative, but secure method for authentication?
Does the API support writing to a gradebook item with student user permissions?
We want users to get authenticated through BrightSpace with a callback to our training website. Considerable time might pass between authentication and the reporting of an assessment. Perhaps 1 hour.
Will a signed REST call still be valid, given that the signature is time-stamped?
Is there a better way of handling the authentication? It seems a bit clumsy to have the user access the training site, be routed to the LMS login in page and then re-routed back to the training. Is there an alternative, but secure method for authentication?
Does the API support writing to a gradebook item with student user permissions?
Desire2Learn Staff: Sarah-Beth
Aug 29, 2014, 11:53:56 AM8/29/14
to valenc...@googlegroups.com
You do have to redirect the user to log in directly with the LE. That model ensures that third-party apps don't have access to the user names and passwords of LE users and instead relies on the id\key authentication model that our platform is built around.
In regards to permissions, the rule of thumb is that the API always respects the permissions of the calling user. So if your LE doesn't allow a student to take an action, then the API will not allow that action either. In regards to the gradebook, if the student completes a gradeable item, the result is sent to the gradebook. But the API will not allow a student account to modify a gradebook outside of that context if the LE permissions don't allow it.
olmetr...@gmail.com
Sep 5, 2014, 5:00:47 PM9/5/14
to valenc...@googlegroups.com
Thanks so much, Sarah-Beth.
Related to putting a value into the gradebook, we're still not successful but have made several assumptions, one or more of which may be incorrect.
The gradebook item is not associated with an activity. The intent of the item is track the performance of an individual working in a Learning Object outside of D2L
(We have a valid gradebook object, into which we wish to put a value.)
The user is a student who is enrolled in the class and is on the classlist.
We are using Put method
The action is /d2l/api/le/1.0/2554645/grades/
The JSON that we are sending is:
{
"DisplayedGrade": "7",
"GradeObjectIdentifier": "9787197",
"GradeObjectName": "Item 1",
"GradeObjectType": 1,
"GradeObjectTypeName": "Numeric"
}
We're getting a 403 Forbidden error, which suggests that we can't put a grade into the gradebook under this user context. ( But I know that sometimes invalid data will cause a misleading error code like a 404. )
Where are we going wrong?
Related to putting a value into the gradebook, we're still not successful but have made several assumptions, one or more of which may be incorrect.
The gradebook item is not associated with an activity. The intent of the item is track the performance of an individual working in a Learning Object outside of D2L
(We have a valid gradebook object, into which we wish to put a value.)
The user is a student who is enrolled in the class and is on the classlist.
We are using Put method
The action is /d2l/api/le/1.0/2554645/grades/
The JSON that we are sending is:
{
"DisplayedGrade": "7",
"GradeObjectIdentifier": "9787197",
"GradeObjectName": "Item 1",
"GradeObjectType": 1,
"GradeObjectTypeName": "Numeric"
}
We're getting a 403 Forbidden error, which suggests that we can't put a grade into the gradebook under this user context. ( But I know that sometimes invalid data will cause a misleading error code like a 404. )
Where are we going wrong?
Desire2Learn Staff: Sarah-Beth
Sep 8, 2014, 3:26:46 PM9/8/14
to valenc...@googlegroups.com
Hi there
I see a few things happening with the call you're attempting.
#1) The route you've specified is not a valid PUT. There is an ability to GET and POST to that route, but the PUT requires you to specify the (gradeObjectId).
#2) In your example above, you're using the 1.0 version of this route. Keep in mind, that 1.0 routes have been deprecated and become obsolete with the September 2014 release of the Brightspace platform (see Note below the versions table in that topic). It's a good idea to use the highest available API contract when making calls. You can check the highest available contract for your environment by doing a GetVersions call.
Give those tweaks a try and let me know if you still aren't successful making the call.
~S-BB
olmetr...@gmail.com
Sep 12, 2014, 3:59:34 PM9/12/14
to valenc...@googlegroups.com
Yes. These were good suggestions. It worked!
Desire2Learn Staff: Sarah-Beth
Sep 16, 2014, 1:22:33 PM9/16/14
to valenc...@googlegroups.com
Excellent! So glad you were able to move forward. Please let us know how the project turns out.
Reply all
Reply to author
Forward
0 new messages