Connecting to OneRoster Grade Book Endpoints

This article is intended for use by members of the Digital Learning Partner Program and is not designed for general Campus users.

To connect to the OneRoster APIs of an Infinite Campus district to use grade book sync, you will need to supply additional authorization data with your requests in addition to the standard OAuth authentication. This extra authorization is in place to ensure that only our certified Digital Learning Partners are interacting with our APIs

Impacted Endpoints

In both OneRoster 1.1 and OneRoster 1.2:

  • All endpoints for lineItemCategories
  • All endpoints for lineItems
  • All endpoints for results

In OneRoster 1.2: 

  • All endpoints for assessment line items
  • All endpoints for assessment results
  • All endpoints for score scales
  • All endpoints for programs
  • All endpoints for program participation

All roster provisioning services endpoints will continue to work like normal and will not require the additional vendor authorization.

Extra Authorization

When you became a member of the Infinite Campus Digital Learning partner program, you received, or will receive, a unique vendor key and secret. These values are used, alongside the standard OAuth mechanism, to authenticate and authorize you with the Infinite Campus home office. These values will be sent to us through a custom HTTP header:

KeyValue
x-vendor-authorization{vendorKey}:{vendorSecret}

Example

Vendor Key: AwesomeLMS

Vendor Secret: F24F863DC12260780BECE846F4010431


HTTP Header: x-vendor-authorization: AwesomeLMS:F24F863DC12260780BECE846F4010431

As a reminder, this custom header is to be used in addition to the standard OAuth header that is to be included in all requests, per the specification. If the vendor authorization header is missing for any grade book sync requests, you will receive a 401 unauthorized error.

OAuth keys from Infinite Campus will always follow this format: InfiniteCampus_(vendorKey)_GUID.

Vendors can reliably identify Infinite Campus APIs based on this format.

For example: InfiniteCampus_MyAwesomeLMS_ABC123DE_28cfd188-5597-4772-bf44-ee76d52ac5de

Example of successful request

GET /api/oneroster/v1p2/{appName}/ims/oneroster/gradebook/v1p2/lineItems

accept: application/json

Authorization: Bearer {access token}
x-vendor-authorization: AwesomeLMS:F24F863DC12260780BECE846F4010431
200 OK

Example of request missing vendor authorization

GET /api/oneroster/v1p2/{appName}/ims/oneroster/gradebook/v1p2/lineItems

accept: application/json

Authorization:Bearer {access token}


401 Unauthorized