It is acceptable to enable scopes on the Canvas developer key used with an Edlink integration. Some institutions may even require this as a matter of security policy. However, Canvas' current behavior imposes trade-offs that limit recommending scoped keys broadly.
There are two primary reasons, one technical and one operational:
Enabling scopes disables the Canvas GraphQL API
When scopes are enabled on a Canvas developer key, the GraphQL API is effectively unavailable for that key. The underlying reason is not publicly documented. Edlink relies on GraphQL for most rostering operations because it reduces API traffic and allows retrieval of compound objects in a single request (e.g., course + sections + enrollments) instead of multiple requests.
Scope management is error-prone and hard to maintain at scale
Canvas exposes a large number of highly granular scopes tied to specific REST API endpoints. This makes configuration easy to misapply and complicates future changes (e.g., switching to improved endpoints) because each institution must update its scopes. Edlink supports approximately a thousand Canvas instances; coordinating per-instance scope adjustments is not feasible at this scale.
Fallback behavior
Edlink provides REST API fallbacks for all GraphQL queries it uses. While REST API requests are slower and generate more API traffic, they ultimately produce the same results.
Recommended Scopes List
If you have decided to go with an explicit list of scopes, you must:
- Enable the "Enforce Scopes" toggle in the Canvas "Key Settings" page.
- Check the "Allow Include Parameters" box.
Then, we recommend checking the "Read only (get)" checkbox. However if you cannot do so, the list of GET urls we ask that you allow is:
| Section | URL |
|---|---|
| Assignments | url:GET|/api/v1/courses/:course_id/assignments/:assignment_id/overrides |
| Assignments | url:GET|/api/v1/courses/:course_id/assignments/:assignment_id/overrides/:id |
| Assignments | url:GET|/api/v1/sections/:course_section_id/assignments/:assignment_id/override |
| Assignments | url:GET|/api/v1/groups/:group_id/assignments/:assignment_id/override |
| Assignments | url:GET|/api/v1/courses/:course_id/assignments/overrides |
| Assignments | url:GET|/api/v1/courses/:course_id/assignments |
| Assignments | url:GET|/api/v1/courses/:course_id/assignment_groups/:assignment_group_id/assignments |
| Assignments | url:GET|/api/v1/users/:user_id/courses/:course_id/assignments |
| Assignments | url:GET|/api/v1/courses/:course_id/assignments/:id |
| Assignment Groups | url:GET|/api/v1/courses/:course_id/assignment_groups |
| Assignment Groups | url:GET|/api/v1/courses/:course_id/assignment_groups/:assignment_group_id |
| Grading Periods | url:GET|/api/v1/courses/:course_id/grading_periods |
| Grading Periods | url:GET|/api/v1/courses/:course_id/grading_periods/:id |
| Modules | url:GET|/api/v1/courses/:course_id/modules |
| Modules | url:GET|/api/v1/courses/:course_id/modules/:id |
| Modules | url:GET|/api/v1/courses/:course_id/modules/:module_id/items |
| Modules | url:GET|/api/v1/courses/:course_id/modules/:module_id/items/:id |
| Modules | url:GET|/api/v1/courses/:course_id/module_item_sequence |
| Submissions | url:GET|/api/v1/courses/:course_id/assignments/gradeable_students |
| Submissions | url:GET|/api/v1/courses/:course_id/assignments/:assignment_id/submissions |
| Submissions | url:GET|/api/v1/courses/:course_id/students/submissions |
| Submissions | url:GET|/api/v1/courses/:course_id/assignments/:assignment_id/submissions/:user_id |
| Submissions | url:GET|/api/v1/sections/:section_id/assignments/:assignment_id/submissions |
| Submissions | url:GET|/api/v1/sections/:section_id/students/submissions |
| Submissions | url:GET|/api/v1/sections/:section_id/assignments/:assignment_id/submissions/:user_id |
| Enrollments | url:GET|/api/v1/courses/:course_id/enrollments |
| Enrollments | url:GET|/api/v1/sections/:section_id/enrollments |
| Enrollments | url:GET|/api/v1/users/:user_id/enrollments |
| Enrollments | url:GET|/api/v1/accounts/:account_id/enrollments/:id |
| Sections | url:GET|/api/v1/courses/:course_id/sections |
| Sections | url:GET|/api/v1/courses/:course_id/sections/:id |
| Sections | url:GET|/api/v1/sections/:id |
| Courses | url:GET|/api/v1/courses |
| Courses | url:GET|/api/v1/courses/:id |
| Courses | url:GET|/api/v1/courses/:course_id/students |
| Courses | url:GET|/api/v1/courses/:course_id/users |
| Courses | url:GET|/api/v1/courses/:course_id/users/:id |
| Courses | url:GET|/api/v1/users/:user_id/courses |
| Courses | url:GET|/api/v1/accounts/:account_id/courses/:id |
| Accounts | url:GET|/api/v1/accounts |
| Accounts | url:GET|/api/v1/accounts/:id |
| Accounts | url:GET|/api/v1/accounts/:account_id/courses |
| Accounts | url:GET|/api/v1/accounts/:account_id/sub_accounts |
| Users | url:GET|/api/v1/accounts/:account_id/users |
| Users | url:GET|/api/v1/users/:id |
| Users | url:GET|/api/v1/users/:user_id/profile |
| Enrollment Terms | url:GET|/api/v1/accounts/:account_id/terms |
| Enrollment Terms | url:GET|/api/v1/accounts/:account_id/terms/:id |
Additionally we ask for some Write URL permissions in order to enable full platform functionality:
| Section | URL |
|---|---|
| Assignments | url:POST|/api/v1/courses/:course_id/assignments |
| Assignments | url:PUT|/api/v1/courses/:course_id/assignments/:id |
| Assignments | url:DELETE|/api/v1/courses/:course_id/assignments/:id |
| Assignment Extensions | url:POST|/api/v1/courses/:course_id/assignments/:assignment_id/extensions |
| Submissions | url:POST|/api/v1/courses/:course_id/assignments/:assignment_id/submissions |
| Submissions | url:PUT|/api/v1/courses/:course_id/assignments/:assignment_id/submissions/:user_id |
| Modules | url:PUT|/api/v1/courses/:course_id/modules/:id |
| Modules | url:POST|/api/v1/courses/:course_id/modules |
| Modules | url:DELETE|/api/v1/courses/:course_id/modules/:id |
| Assignment Groups | url:POST|/api/v1/courses/:course_id/assignment_groups |
| Assignment Groups | url:PUT|/api/v1/courses/:course_id/assignment_groups/:assignment_group_id |
| Assignment Groups | url:DELETE|/api/v1/courses/:course_id/assignment_groups/:assignment_group_id |
| Sections | url:POST|/api/v1/courses/:course_id/sections |
| Sections | url:PUT|/api/v1/setions/:id |
| Sections | url:DELETE|/api/v1/setions/:id |
| Courses | url:PUT|/api/v1/courses/:id |
| Courses | url:POST|/api/v1/accounts/:account_id/courses |
| Enrollments | url:POST|/api/v1/sections/:section_id/enrollments |
| Enrollments | url:DELETE|/api/v1/courses/:course_id/enrollments/:id |
| Quiz Submission Files | url:POST|/api/v1/courses/:course_id/quizzes/:quiz_id/submissions/self/files |
| Pages | url:PUT|/api/v1/courses/:course_id/pages/:url_or_id |
| Pages | url:POST|/api/v1/courses/:course_id/pages |
| Pages | url:DELETE|/api/v1/courses/:course_id/pages/:url_or_id |
| Users | url:POST|/api/v1/accounts/:account_id/users |
| Users | url:PUT|/api/v1/users/:id |
| Rubrics | url:PUT|/api/v1/courses/:course_id/rubrics/:id |
| Enrollment Terms | url:POST|/api/v1/accounts/:account_id/terms |
| Enrollment Terms | url:PUT|/api/v1/accounts/:account_id/terms/:id |
| Enrollment Terms | url:DELETE|/api/v1/accounts/:account_id/terms/:id |