UDOIT Cloud has recently added support for scoped developer keys. This is an important security feature for limiting the use of the Canvas API to its intended purposes. Developer keys are used to create tokens which grant access to the Canvas API. By scoping the developer key we are telling Canvas which API calls users have access to.
Setting up the scoped developer key requires the following steps:
- Enabling scopes on the Cidi Labs developer key
- Selecting the API calls needed for UDOIT to function
- Deleting existing user tokens in the UDOIT database which are not scoped
This last step is not something an institution can do on its own, which is why this installation is best done on a call with Cidi Labs. Please submit a support ticket if you are interested in setting up scoped developer keys at your institution.
For more details on which scopes are used by UDOIT, see our Admin Guide: The UDOIT Inherited Developer Key.