Student access token privileges
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is there a difference between manually generated user access token vs token generated using developer’s key and oAuth protocol? Difference as in terms of privileges granted by the token? It seems logical that no matter the way generated - the token will have privileges as the user themselves, but I’m not sure.
Also, Is there a way for a student user to look at their own page views using API? I’ve generated token as a student, and tried fetching my page views but I get the error that I’m not authorized to see it (and neither am I as a teacher). As a student I also can’t see reports on my quizzes, statistics, quiz questions, quiz submission questions, and quiz submission events. Many of those seems logical for a student to be able to view, since they are the ones generating data. What privileges does a student’s access token have in terms of fetching data and metadata generated by the student? It’s more that discouraging to see that student is not authorized to see submission events, quiz submissions and results, and page views.
Here are some of the API endpoints that student is not authorized to access:
https://canvas.instructure.com/doc/api/quiz_submission_events.html#method.quizzes/quiz_submission_ev...
https://canvas.instructure.com/doc/api/quiz_questions.html#method.quizzes/quiz_questions.show
https://canvas.instructure.com/doc/api/quiz_submission_questions.html#method.quizzes/quiz_submission...
https://canvas.instructure.com/doc/api/quiz_reports.html#method.quizzes/quiz_reports.index
https://canvas.instructure.com/doc/api/quiz_statistics.html#method.quizzes/quiz_statistics.index
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There shouldn't be any difference between the privileges the two tokens have.
Also, the privileges should be the same as the logged in user, so you can easily check which API GETs are allowed by just putting the URL into your browser.
I guess some of the endpoints you want to call just aren't granular enough to be able to be used by a student and others just haven't had the permissions applied. If you have specific use cases you could add the API requirements to Ideas.