DAP API and API key vs. client ID + secret: please clarify if any changes apply to the low level API
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I don't have experience yet using the DAP CLI (or client library). I've only used so far the low level DAP API (REST), and I've recently been confused by some of the posts that suggest that API Keys have been deprecated (or will eventually be) for use with the API. In particular, when I look at the official API documentation, I still see that it refers to API keys (and not client ids + secrets). Here's the Identity Services link where I still see this: https://identity.instructure.com/login
Can somebody clarify this?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have reached out to the Identity Service team to clarify the documentation.
DAP alpha operated with Canvas ID and secret pairs. Canvas credentials are no longer accepted by DAP, in any form. DAP alpha used Canvas credentials because at that time, DAP only provided Canvas data.
DAP beta operated with client ID and secret issued by Instructure Identity Service, which were concatenated into a single string. This single string had been called API key, which was a misnomer.
DAP client library accepts a client ID and secret, which are concatenated internally when passing to the authentication service. Since the concatenation is an implementation detail, and client ID helps in identifying requests, we prefer specifying them separately.
I hope this helps give some context.