Community Help

fosterl · ‎02-13-2020

Have other institutions issued API Keys for Catalog development? We have just done our first one, so far only in Beta. It's a bit concerning, because we have various units at our institutions in subcatalogs, and providing an API Key is for the entire Catalog, not limitable to subcatalogs. I don't even see in the API calls where it is possible to make subcatalog-specific API calls, nor can I scope the API calls to GET only or something. So an API Key is wide open for any and all API calls.

Just curious if others are doing this, what precautions you're taking or wish you could take. I know it's expecting a lot for Catalog's API Key functionality to be as sophisticated as Canvas is now, but one can always hope!

jsowalsk · ‎02-13-2020

This would be a great topic for our call tomorrow, @fosterl ‌. Please add it to the agenda.

fosterl · ‎02-25-2020

This was discussed in the 2/14/20 Catalog User Group meeting, just putting notes here for those who did not attend. It was suggested that, since our institution already downloads and uses Canvas Data, the developer might be able to get the Catalog information they need from Canvas Data, instead of accessing Catalog with an API Key. If this project moves forward, we will look into that!

jsowalsk · ‎02-25-2020

Hi Lindy,

Please reach out if you need anything.

Jessica

rpsloan · ‎04-11-2023

@fosterlWould love to know how you are getting information without having to use an unscoped Catalog API, if your institution is still using Catalog.

escull · ‎09-03-2024

I'd like to bump this zombie thread to see if anyone else is in this boat; that is, the need to be able to create API tokens that are scoped to the sub-catalog level. The use case is fairly straightforward: we have sub-catalog owners who would like to create programmatic solutions (for analytics, reporting, or other integrations) where those solutions should only have access to their sub-catalog and not the entire instance. Read-only access would likely be fine for most if not all of these types of API needs.

If this is not on the roadmap, we may look at rolling our own solution based on CD2. But a Catalog-native API solution for sub-catalog owners would be ideal.

rpsloan · ‎09-30-2024

@escull I agree it's a much needed functionality to scope API tokens to a specific sub-catalog. I posted a feature idea about this. Hopefully a change in the idea and themes voting can get this prioritized. With the recent quick fixes with Catalog, I hope this is part of the quick fixes they will consider (but then again, this might not be considered as a quick fix by their team).

jsowalsk · ‎09-28-2024

@fosterl Regarding tokens for pulling API, when departments or Catalog admins ask for data we do not provide tokens instead we provide csv data to them.

Issuing API Keys for Catalog

TURNING OFF SELF PACING

4 August 2023 2023 Catalog Users' Group Meeting

After finishing the Module you have to hit done to...

7 April 2023 Catalog Users' Group Meeting

Catalog Integrated with Stripe

Subadmin Catalog Admin

Import Media Gallery: Canvas LMS to Canvas Catalog

Touchnet Payments

Completed Certificates not Reporting

I need to add a class. How do I do that?

You're signed out

Issuing API Keys for Catalog

Community Help

View our top guides and resources: