Brightspace API endpoint to required permissions mapping
Hi developers!
I got multiple requests to create an overview for all the optional and required permissions for a role based on a list of endpoints that can be expected to be called from a user with that role.
Now some endpoints like GET /d2l/api/bas/(version)/issued/users/(userId)/ do have a list of the required permissions, however this seem to be missing for others like GET /d2l/api/lp/(version)/(orgUnitId)/sections/. Furthermore, an endpoint like GET /d2l/api/le/(version)/(orgUnitId)/classlist/paged/ seems to reference that some optional permissions influence the returned data ("also assuming that the calling user’s role has permission to see those values"), however I cannot find where this is specified.
In short: is there somewhere where there is an overview of all the required and optional permissions that relate to an endpoint?
Answers
-
Thank you for reaching out to us through the community!
At the moment, we don't have a specific guide that outlines permissions for API calls. However, user permissions in the UI are directly tied to what actions users can perform via the API.
For example, if a user has permission to view user awards in the UI, they will also have access to view them through API calls.
We recommend reviewing the following resources for more information:
- About Roles and Permissions – Brightspace
- Permission documentation specific to each tool (available in our documentation)
Let us know if you have any further questions!
Thanks,
Sangeetha
