Fine-tuning API access for Education
I am a student who is currently beginning to work on an application as a part of a senior project. My application needs access to some specific endpoints such as (not necessarily limited to):
- all sections
- students by section
- master calendar
et cetera. However, the IT department will not give me access unless there is a way to restrict the access to just the endpoints needed (they do not want me being able to access sensitive information about other students such as their grades and disciplinary history). Hopefully, if the student was signed into their own account, they could access their own grades, but the general API should not be able to do this. Is there any way to restrict access in such a way? Help would be greatly appreciated.
Comments
-
Hi @James Phieffer, this sounds like a really great project and we're excited to see students using the API. Unfortunately, the endpoints referenced are accessed based on roles listed on the endpoint documentation. These particular endpoints would require a manager role that would allow you access to other student information. There is no current way to restrict access to certain endpoints besides the role access already in place.
1 -
@James Phieffer
Hi James. Todd's right, as is your school. Data security is one of the most important things to keep in mind when creating an app that accesses someone else's data. The good news is that there are endpoints that are meant for Student users to call. These endpoints are meant for non-admin users, and have extra security built in. So, not only does the user need the correct role on their account, but the id used for the API call must be the same id as the logged-in user. That makes sure you are only requesting data for yourself and not some other student, and parent users can request data for any student where they have parental access.
For you to access these endpoints, you'll need a SKY Developer Account. It's the first step in our Getting Started documentation.
Some examples of endpoints for Student users are:
- GET Academics sections for student
- GET Academics assignments for student
- GET Directories and GET Directories results
- GET Content News Items and GET Content News categories
- GET Calendar for User
- GET Schedules - Meetings for a student
- All of the Core <x> endpoints, like GET Core years, are available to all users
Note that if an endpoint says “for <x>” it is meant for an end-user like a student. Endpoints meant for admin users usually have “by user” or “by role” or the like.
1 -
@James Phieffer
Also note: Once you are set up with a dev account, you can test endpoints using the Try It button from the endpoint's documentation.
0
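The rule described in the replies above (the caller needs the correct role, and the id in the call must be the logged-in user's own id or a student the parent has access to) can be expressed as a server-side check. This is an added example, not Blackbaud's code or part of the original thread; the `Caller` type, role names and scope labels are assumptions made for illustration.

```python
from dataclasses import dataclass

# All names below are assumptions for illustration, not SKY API identifiers.
@dataclass(frozen=True)
class Caller:
    user_id: int
    roles: frozenset
    parent_of: frozenset = frozenset()  # student ids with parental access

def authorize(caller, scope, target_id=None):
    """Decide a request; returns (allowed, reason). Denies by default."""
    if scope == "all_users":            # reference data open to any signed-in user
        return True, "open to all users"
    if scope == "admin":                # "by user" / "by role" style endpoints
        if "Manager" in caller.roles:
            return True, "manager role"
        return False, "manager role required"
    if scope == "end_user":             # "for student" style endpoints
        if target_id is None:
            return False, "target id required"
        if "Student" in caller.roles and target_id == caller.user_id:
            return True, "own record"
        if "Parent" in caller.roles and target_id in caller.parent_of:
            return True, "parental access"
        return False, "id is not the logged-in user"
    return False, "unknown scope"

# Constructed sample callers.
STUDENT = Caller(101, frozenset({"Student"}))
PARENT = Caller(900, frozenset({"Parent"}), frozenset({101}))
MANAGER = Caller(1, frozenset({"Manager"}))

def demo():
    """Run a few constructed requests and return the allow/deny decisions."""
    requests = [
        (STUDENT, "end_user", 101),  # own data
        (STUDENT, "end_user", 102),  # another student's id
        (PARENT, "end_user", 101),   # their child
        (PARENT, "end_user", 102),   # not their child
        (STUDENT, "admin", None),    # admin endpoint with a student role
        (MANAGER, "admin", None),
    ]
    return [authorize(c, s, t)[0] for c, s, t in requests]

if __name__ == "__main__":
    print(demo())
```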

