Secure exchange of api key and lti key and secret / onboarding flow
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, I am working on an external app that uses the canvas API and also involves LTI.
So there needs to be some sort of secure exchange with user/client of them giving us a canvas api key (and canvas instance url), and us giving them an LTI key & secret. Im curious how other apps handle this exchange in their onboarding flow and manage to do it securely (not email right?)
thanks for help/pointers - mark gibson
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @mgibson2,
You'll want to look over this for the specifics https://canvas.instructure.com/doc/api/api_token_scopes.html but if it's looking for auth in my experience it uses a server or url to auth that is the consumer key and secret key as those are what allow the connection in this case.
