Different Roles for Different SKY API calls

Lindsey Bryant

I'm wondering if someone can explain to me why there are different roles for different API calls. For example, I went to execute the API call “Academic Sections for Students” today and wasn't able to because I don't have a role of Parent, Student or Faculty. As a developer, I don't need any of these. I simply need to execute the API. This setup requires that a developer would need to be added to every single role to be able to fully execute any of the API calls.

My request would be to either remove the role requirement or make a standard API role that would have permissions to these.

Stephen Boyle

@Lindsey Bryant
Hi Lindsey,

There are a couple of reasons for the role selections. The primary one is to ensure the user accessing the data is the right type of user. Thus, you see the Attendance Manager as the only role for attendance endpoints, or Scheduling Manager and Group Managers for the Schedules Meetings endpoint.

Another aspect that determines role lists has to do with end users (students, parents, faculty) vs admin users (Platform Manager, Attendance Manager, etc.). This is the one that applies to the Academics sections for a student endpoint. An end user is supposed to see specific data while an admin user likely gets more data (such as configuration related data).

In the case of Academics sections for a student, it is intended for end users. The use case would be a mobile app where it is actually a student logging in and getting their own data. In fact, those endpoints have an extra layer of security to ensure the logged-in user matches the user data being requested. That isn't something an admin user would need (or want) applied to their access.

Thus, there is an admin version for that same data called Academics student enrollment list. It also returns a set of classes for a student, but is intended for admin use. I realize there isn't much to indicate this distinction besides the list of roles, and the naming conventions has not been consistent over the years. We are working to correct that as much as we can without causing any breaking changes.

I hope that helps,
Stephen

Lindsey Bryant

@Stephen Boyle
Thanks for the quick response. I'm not disagreeing with the new for different roles to ensure users within the UI can only see specific/approve areas. I'm not sure how many attendance managers would be opening the SKY API Development to run an API on advisories, assignments, etc. Ultimately, I would think a user who is part of the Platform Manager role (or a specific SKY API role) has their account setup to access the SKY API, they should be able to run all the APIs available without having to be added to numerous other roles.

I do agree it would be helpful to show more of a distinction between these roles. Whether that's a naming convention, the way they are tagged/groups in the upcoming preview of the new developer page, etc. Again, thanks for the quick response.

Lindsey Bryant

@Stephen Boyle and thank you for pointing me to the other API. I am going through each one to understand them more as we look to build our our ODS for sharing data out of BBEM to other systems.