Using API endpoints for Quizzes

Jump to solution
MarilouLandes
Community Explorer

I am developing an external app that starts a quiz, retrieves the questions, then saves/updates the responses, and finally, completes the quiz, using various API Endpoints.  There does not appear to be any type of workflow documentation for this process, so my methodology is basically to "try this and see what happens".

For all the following, Shibboleth authentication is used, and an OAuth2 workflow is completed successfully.

Using my personal credentials as an administrator, I am able to

  1. list quizzes in a course,
  2. create a quiz submission for a quiz in a course, and
  3. get Quiz Questions for a specific quiz in a course (GET /api/v1/courses/:courseID/quizzes/:quizID/questions)

Using a test student account, I am able to

  1. list quizzes in a course,
  2. create a quiz submission for a quiz in a course, and
  3. I am unable to get Quiz Questions for a specific quiz in a course.  The response is {"status":"unauthorized","errors":[{"message":"user not authorized to perform that action"}]}

The have several questions:

  1. Is there some workflow-type documentation that describes how the various endpoints should be used?
  2. Am I using the correct endpoint for the student to retrieve the quiz qestions?
  3. Are there (script) examples of this process that anyone is willing to share from which I can learn?

Thanks for any and all feedback!

Labels (1)
0 Likes
1 Solution

@MarilouLandes 

Now that I'm not rushed to pick up my daughter, I took another look at things. I am thinking that the "update" permission is the one that allows the instructor to add, delete, or manage quizzes. That is, students will never have it, which means that you will not be able to get the student's response out of there with a student token, unless perhaps you have the quiz submission ID.

Of the three IDs you gave me, none of them were the quiz submission ID.

To get the Quiz Submission ID, get the submissions: GET /api/v1/courses/:course_id/quizzes/:quiz_id/submissions

The id is the quiz submission id since you're making a call to get the submissions (whatever object you are fetching, the "id" is the id for that object and other id's have prefixes that name them).

I went through and was able to get the quiz questions (just the questions, not the responses) using that API for the teacher. When I try masquerading as the student who took the quiz, I get the 401 Unauthorized message.

That means that you're not going to be able to get the questions as the student using that API call.

I was, however, able to get the quiz questions using a student token from the Quiz Submission Questions API: GET /api/v1/quiz_submissions/:quiz_submission_id/questions

Again, those are just the questions, not the responses that were given. It does, however, include a correct property that indicates whether the student scored the question correctly (this might depend on quiz settings).

View solution in original post

0 Likes