403 Error API Quizzes

Options

I'm getting a 403 error when I try to do a test call to get quiz data. I am a member of the Super Administrator role and am using this for a scope:

content:*:* core:*:* datahub:*:* enrollments:*:* grades:*:* groups:*:* orgunits:*:* quizzing:quizzes:read reporting:*:* sections:*:* users:*:*

This is the call that I am currently working with:

GET /d2l/api/le/(version)/(orgUnitId)/quizzes/

I tried 1.67 and 1.76 for the version and used one of our course offering org unit ids. Everything that I try with quizzes is being met with these errors. Any advice where I can find some help with this? Perhaps I need to adjust my scope or permissions. If so, what do I need to adjust them to? I was under the impression Super Administrator should give me everything that I need, but in this as,e it obviously isn't.

Thanks.

Tagged:

Comments

  • Allard.N.654
    Allard.N.654 Posts: 14 🧭
    Options

    Do other, non-quiz, calls work as expected? Only thing I noticed is an erroneous scope enrollments:*:*, which should be enrollment:*:* , according to https://docs.valence.desire2learn.com/http-scopestable.html#cap-enrollment

    Other than that we were able to perform this call, with less scopes than you have.

    The response that you get (sometimes?) contains error details as well, with a field 'detail' that hopefully explains what's going on.

  • Joseph.W.983
    Joseph.W.983 Posts: 9
    edited July 8
    Options

    Hi Jacqueline,

    Brightspace roles are individually configurable, which means that even a role like Super Admin could be configured (via roles and permissions) to be less permissive than a role named Instructor. If you're trying to use this api to fetch data about a specific quiz, the scope needed is "quizzing:quizzes:read", which you have, and your role needs the "Quizzing.SeeQuizzing" permission at the context you're trying to read from, in Roles and Permissions.

  • Jieun.K.769
    Jieun.K.769 Posts: 0
    Options

    Hi Jacqueline,

    To call the API GET /d2l/api/le/(version)/(orgUnitId)/quizzes/

    it requires

    • scope: "quizzing:quizzes:read" as documented here in the Oauth2 Scopes section, which you have.
    • role: "Quizzing.SeeQuizzing"

    If the scope is insufficient, you get 403 error with an error message,

    { Errors: [ {Message: "Insufficient scope to call API.Required: quizzing:quizzes:read"} ] }

    If the role is insufficient, you get 403 error with an error message,

    "Not authorized for [ orgUnitId: xxx, securityVariableName: Quizzing.SeeQuizzing ]"

    As Allard mentioned, reviewing the API response will provide you with more details.

  • Jacqueline.M.898
    Jacqueline.M.898 Posts: 12 🌱
    Options

    I am doing my testing using Postman and this is all I am seeing for an error message:

    { Errors: [ {Message: "Forbidden"} ] }

    Unfortunately, it's not very helpful. I am able to do several other tasks like find version, a whoami, enroll users, and view course details. The error seems to be with getting the the actual quiz data.

  • Jacqueline.M.898
    Jacqueline.M.898 Posts: 12 🌱
    Options

    I am suspecting it may be related to the role permissions. This is what my role has for viewing quizzes::