This article details how to request an API Key and Secret from NovoEd as well as how to connect the API Key to a course or whole institution.
Notes about the API Key and Secret
- The API Key can be whitelisted and able to access data from individual courses or the whole institution in NovEd. The API Key and Secret can also be used to get private user information from NovoEd and write data to a customer's instance. The API Key and Secret are as powerful as a Super Admin or Org Admin role in regards to the level of access it may provide to user information.
- Customers can choose to make the API Key and Secret more secure by enabling a dedicated set of IP addresses to use them. If you prefer to define IP addresses, please notify the NovoEd Support Team.
Requesting an API Key and Secret
To request an API Key and Secret, an Org Admin can submit a request or email the NovoEd Support Team at email@example.com with the following information:
- Institution Nickname or URL
- List of IP Addresses that will be making API calls with the API key and secret (or request that all IP addresses are whitelisted)
The NovoEd Support Team will then share the API Key and Secret with you in a separate email from Box. If you prefer another secured method of receiving the API Key and Secret, please inform the Support Team.
Connecting the API Key to a NovoEd Course/Institution
- From a course homepage, select the Admin wrench in the top-right corner.
- Select Advanced Settings under Configurations.
- In the API Key Access section, select the Configure button.
- To add a new key, enter the API Key provided by the Support Team.
- To link the whole institution, select the box next to Link Institution.
- Select the Add button.
What is the purpose of the "Link Institution" box?
By selecting the Link Institution box, the API Key will be able to manage and access data for any courses in the institution. The "Link Institution" box must be checked if you are using the Developer APIs for Programmatic Access to Org-Level Analytics Data.
What happens if I lose track of the API Secret?
After the Support Team provides you with the API Secret, they will no longer have access to it. We recommend that customers keep a record of the API Key and Secret.
If your API Secret is lost, an Org Admin can submit a request to the Support Team for a new API Secret to be created for the API Key. The API Key and Secret will be shared with the Org Admin in a separate email from Box.
NOTE: If you prefer a different secured method of receiving the API Key and Secret, please inform the Support Team.
- Make sure the key and secret are valid. Customers will receive a 401 error if they are not.
- Make sure calls are being made from an IP address that is authorized to use the key and secret. A 401 error will also be received here if they are not.
- Make sure a JSON call is being made. This can be done by adding .json to the end of the endpoint before starting to pass the parameters. If the wrong request type is made or HTTP is being requested instead of JSON, an error page will show.