How to use APIs in Custom Widgets
I am attempting to use this endpoint:
https://(our brightspace sandbox).brightspace.com/d2l/api/lp/1.9/enrollments/users/(test user ID that exists and has valid enrollments)/orgUnits
Purpose - Create a Custom Widget that will allow students to see any Inactive Courses they are enrolled in by parsing JSON responses to pull the Course Name and its active/inactive flag.
I am getting results, which means this endpoint is working.
Like someone else from a post I saw previously, I have loaded my OAuth2.0 client ID and client secret into my JS file (saved on Brightspace). I know this is not ideal from a security endpoint, but I wanted to see if I can get the data first before handling security issues.
Are widgets just unable to use APIs to display information like Enrollment Data?
Answers
-
Hello, Mateen, and thank you for reaching out to the Brightspace Community today!
You have mentioned that you are getting results. Are the results incomplete? What information is missing, more in particular?
Also, have you checked in the Settings of your Student role if they have enabled the option to "Access inactive courses"? I understand that this needs to be enabled so that the Users will be able to see the inactive courses in the custom widget you are designing.
Thank you and until soon,
Piero -
@Piero.d.211 - Thank you for taking the time to respond to my post.
- The results are not incomplete, I am filtering for OrgUnitId type "Course Offering"
- The Role Settings for that checkbox "Access Inactive Courses" is not something we want to give Students access to while those Instructors (or Admins) are testing in the course before they are ready to activate them.
- In our case, where the Instructors or Admins forget to activate the course after the semester has started.
- We want to give students a simple informational of courses they cannot access due to their inactive status and nothing more than that.
- In our case, where the Instructors or Admins forget to activate the course after the semester has started.
An additional question: Are the widgets limited to what APIs can be used within them (tech stack: HTML/CSS/JS) ? Or am I allowed to use any API currently available within the widgets?
Do you have any solutions to avoid exposing refresh and access token data in the widget code itself?
-
Hello, Mateen.
Sorry for my delay in getting back to you. I am consulting your questions with our internal teams and should have an update for you soon. Thanks!