Rutgers organizational units are encouraged to develop applications and web services to meet the unique needs of their Canvas user population. Canvas has a robust application program interface (API) that users can build an application based on user account permissions. A Rutgers campus, school, or unit may develop a programmatic integration with Canvas that requires API access.
Application developers must:
- Review Rutgers Account Admin Roles and Permissions,
- Request admin access, and
- Work with the Rutgers Canvas admins to develop a method for accessing Rutgers Canvas by the application or web service that is independent of a user’s Canvas account.
Developer Keys, Service Accounts & Access Tokens, and LTI applications
The method of connecting to Rutgers Canvas is dependent on the intended functionality and scope of your application. Some applications may need multiple connections methods depending on functionality.
Developer keys provide access to Rutgers Canvas and Developer API Keys are limited by the scope of the key; developer LTI Keys utilize LTI advantage and have their own restrictions. Rutgers Canvas is divided into a nested set of accounts (akin to folders) with the broadest hierarchy starting at Rutgers University, and is divided into campus, school, and subject. Developer API keys can only be scoped by API access, not to a Canvas account. Issued developer API keys are limited in scope to protect Rutgers data. A developer key may include entitlements to search for users, view user enrollments, and search for courses. Developer LTI keys are used to install LTI applications into Canvas using LTI v1.3 standards.
Service Accounts and Access Tokens
Canvas users may generate an access token on their user account. The access token inherits the permissions of the user who generated the access token and allows permission to interact programmatically with the Canvas APIs to access the same data as the user would in the user interface. It is the responsibility of the application developers to adhere to university policies and best practices to ensure the security of Rutgers data.
Canvas user accounts will be created to generate access tokens for Rutgers-developed applications and assigned custom Canvas admin roles in the appropriate Canvas account.
- Account and Sub-Account Role Comparison
- Canvas Account Role Permissions
- Rutgers Account Admin Roles and Permissions
Learning Tools Interoperability applications (LTIs) are web applications designed in accordance with IMS Global Learning Consortium standards so that integration with Canvas is possible. Application developer should work with Canvas admins in your campus, school, or department to develop, test, and install your custom application. Discussions with Rutgers Canvas admins may be beneficial to determine how Rutgers Canvas set-up may affect planned functionality and features. Please review the Canvas Admin Guides for External Apps.
Rutgers organizational units are solely responsible for end-user support for applications and services developed. As part of ensuring universal access for all users and to adhere to Rutgers University World Wide Web Accessibility Policy, applications and services used by Rutgers University are required to be assessed for accessibility. Developers and stakeholders should work with Rutgers Office of IT Accessibility to ensure the application or web services meet the current adopted version of WCAG and should complete the Accessibility Risk Assessment for IT Purchases.
How to Request Developer Keys, Service Accounts & Access Tokens, and LTI applications
To request a developer key or scoped service account, please contact Rutgers Canvas admins. As you design and develop your application or web service, permissions and scopes will evolve. To begin the process, review the Canvas Developer Key and Access Token Workbook. Detailed requests are appreciated, and requests for full-access will be denied.