403 Error API Quizzes

I'm getting a 403 error when I try to do a test call to get quiz data. I am a member of the Super Administrator role and am using this for a scope:

content:*:* core:*:* datahub:*:* enrollments:*:* grades:*:* groups:*:* orgunits:*:* quizzing:quizzes:read reporting:*:* sections:*:* users:*:*

This is the call that I am currently working with:

GET /d2l/api/le/(version)/(orgUnitId)/quizzes/

I tried 1.67 and 1.76 for the version and used one of our course offering org unit ids. Everything that I try with quizzes is being met with these errors. Any advice where I can find some help with this? Perhaps I need to adjust my scope or permissions. If so, what do I need to adjust them to? I was under the impression Super Administrator should give me everything that I need, but in this as,e it obviously isn't.

Thanks.

Rotulado:

Comentários

  • Allard.N.654
    Allard.N.654 Posts: 17 🧭

    Do other, non-quiz, calls work as expected? Only thing I noticed is an erroneous scope enrollments:*:*, which should be enrollment:*:* , according to https://docs.valence.desire2learn.com/http-scopestable.html#cap-enrollment

    Other than that we were able to perform this call, with less scopes than you have.

    The response that you get (sometimes?) contains error details as well, with a field 'detail' that hopefully explains what's going on.

  • Joseph.W.983
    Joseph.W.983 Posts: 11
    editado julho 8

    Hi Jacqueline,

    Brightspace roles are individually configurable, which means that even a role like Super Admin could be configured (via roles and permissions) to be less permissive than a role named Instructor. If you're trying to use this api to fetch data about a specific quiz, the scope needed is "quizzing:quizzes:read", which you have, and your role needs the "Quizzing.SeeQuizzing" permission at the context you're trying to read from, in Roles and Permissions.

  • Jieun.K.769
    Jieun.K.769 Posts: 0

    Hi Jacqueline,

    To call the API GET /d2l/api/le/(version)/(orgUnitId)/quizzes/

    it requires

    • scope: "quizzing:quizzes:read" as documented here in the Oauth2 Scopes section, which you have.
    • role: "Quizzing.SeeQuizzing"

    If the scope is insufficient, you get 403 error with an error message,

    { Errors: [ {Message: "Insufficient scope to call API.Required: quizzing:quizzes:read"} ] }

    If the role is insufficient, you get 403 error with an error message,

    "Not authorized for [ orgUnitId: xxx, securityVariableName: Quizzing.SeeQuizzing ]"

    As Allard mentioned, reviewing the API response will provide you with more details.

  • Jacqueline.M.898
    Jacqueline.M.898 Posts: 12 🌱

    I am doing my testing using Postman and this is all I am seeing for an error message:

    { Errors: [ {Message: "Forbidden"} ] }

    Unfortunately, it's not very helpful. I am able to do several other tasks like find version, a whoami, enroll users, and view course details. The error seems to be with getting the the actual quiz data.

  • Jacqueline.M.898
    Jacqueline.M.898 Posts: 12 🌱

    I am suspecting it may be related to the role permissions. This is what my role has for viewing quizzes::

  • Allard.N.654
    Allard.N.654 Posts: 17 🧭

    Did you manage to get this working @Jacqueline.M.898 ? Otherwise you could also try to just open the full url in your browser. All scopes are allowed there, so if you still get an error it is most likely role related. If it works fine, it might be scope related or there is an entirely different issue (missing/erroneous authentication). Are you sure other calls work fine?

    @Jieun.K.769 I have never seen the second message you mentioned (in case of 403 error), but that would be very helpful. Is there a way to enable such error messages? In my experience, if a permission is missing, you get the error message that Jacqueline already cited: { Errors: [ {Message: "Forbidden"} ] }