Changes
→Obtaining an Access Token
Canvas allows for programmatic access to some pieces of information via the [http://instructure.github.com/canvas-lms/doc/api/ Canvas API]. API calls require authorization, and are made on behalf of an authorized user. The information returned will be different depending on the user you are representing, their roles and permissions. We are using OAuth2 for remote services to allow access to resources (note: we haven't yet completely the typical Oauth-user delegation flow, but have a pre-generation utility that can be used in the mean time), which means that all API calls will need to be over https, and will require an access token as a means of representing the user.
You can see the most up-to-date [http://instructure.github.com/canvas-lms/doc/api/API documentation on github] (note: this link is to the most up-to-date API interface, which may or may not be accurate for locally installed instances of Canvas. If you are not using Canvas Cloud, talk to you site administrator about getting an accurate set of API documentation. Admins, you can generate this documentation by running rake doc:api on the console).
== Obtaining an Access Token ==
[[Image:approved_integrations.png|300px|thumb|right|Approved Integrations on the user profile page]]
[[Image:generate_an_access_token.png|300px|thumb|right|Generating an access token]]
[[Image:access_token_details.png|300px|thumb|right|Reviewing access token details]]
In a user's profile, there is a section titled, "Approved Integrations". This is a way for a user to create an access token that can be shared with a third party, giving the remote service permission to access Canvas resources on behalf of the user. The user can give a name to the external tool for easier identification, set an expiration, and even revoke access to the API by deleting the token.
Once you have a Canvas login you can create one of these access tokens to use for testing your development projects. Copy down the token string. This token must be included as a URL query parameter in any API calls made to Canvas.
<div style="clear: right;"></div>
== Making API Calls With an Access Token ==
All API calls must also be made over https. The access token must be included as a URL query parameter in any API calls made to Canvas. For example, the endpoint to grab the user's list of courses is
<pre>GET /api/v1/courses.json</pre>
If Bob's access token were "token_of_magical_power" then you would call
<pre>GET /api/v1/courses.json?access_token=token_of_magical_powers</pre>
to retrieve Bob's list of courses.
For a detailed example of using the API, check out the [http://instructure.github.com/canvas-lms/doc/api/basics.html API basics documentation on github].
You can see the most up-to-date [http://instructure.github.com/canvas-lms/doc/api/API documentation on github] (note: this link is to the most up-to-date API interface, which may or may not be accurate for locally installed instances of Canvas. If you are not using Canvas Cloud, talk to you site administrator about getting an accurate set of API documentation. Admins, you can generate this documentation by running rake doc:api on the console).
== Obtaining an Access Token ==
[[Image:approved_integrations.png|300px|thumb|right|Approved Integrations on the user profile page]]
[[Image:generate_an_access_token.png|300px|thumb|right|Generating an access token]]
[[Image:access_token_details.png|300px|thumb|right|Reviewing access token details]]
In a user's profile, there is a section titled, "Approved Integrations". This is a way for a user to create an access token that can be shared with a third party, giving the remote service permission to access Canvas resources on behalf of the user. The user can give a name to the external tool for easier identification, set an expiration, and even revoke access to the API by deleting the token.
Once you have a Canvas login you can create one of these access tokens to use for testing your development projects. Copy down the token string. This token must be included as a URL query parameter in any API calls made to Canvas.
<div style="clear: right;"></div>
== Making API Calls With an Access Token ==
All API calls must also be made over https. The access token must be included as a URL query parameter in any API calls made to Canvas. For example, the endpoint to grab the user's list of courses is
<pre>GET /api/v1/courses.json</pre>
If Bob's access token were "token_of_magical_power" then you would call
<pre>GET /api/v1/courses.json?access_token=token_of_magical_powers</pre>
to retrieve Bob's list of courses.
For a detailed example of using the API, check out the [http://instructure.github.com/canvas-lms/doc/api/basics.html API basics documentation on github].
