Using web services
Template:Moodle 2.0This document explains how an administrator can set up a web service for users to access a service. All users will have a specific and unique security key (also known as a "token") to access the service. Each user will normally enter their own security key into an external application.
Enabling web services
- Access Settings > Site administration > Advanced features
- Check 'Enable web services' then click 'Save Changes'
Note: For security reasons, web services should only be enabled if you intend to make use of it.
Enabling protocols
Usually external applications that users wish to use dictate which protocols should be enabled.
- Access Settings > Site administration > Plugins > Web services > Manage protocols
- Enable the protocols (SOAP, REST, XMLRPC, AMF, ...) as required
Enabling web service function documentation
Enabling web service function documentation (also on the Manage protocols page) results in user-specific web service descriptions being available for each user on their security keys page. This option is mainly useful to web service client developers. If nobody is creating a web service client, there is no need to enable this feature.
Creating a service
There are no default web services in Moodle so it is necessary to create a custom service i.e. select which of the standard web service functions are available via that service.
You can enable only the specific functions that you need to expose, so not compromising on security.
- Access Settings > Site administration > Plugins > Web services > External services
- Click Add new custom service
The Add a service page should be displayed.
- "Authorised users only": if enabled, you will need to select the authorised users manually. Otherwise all Moodle users are allowed, at the condition they have the right permissions
- required capability: if enabled, any user accessing the web service will be checked against this selected capability. It is just an additional and optional security layer for your own usage.
Enter a name and check enable Uncheck Authorised users only and required capability Click on Add service
Add functions to the service
At this moment your service is empty and doesn't do much. You want to add some web service function to it. Your choice will be dictated by what you allow the external application to do. For now you are going to select 'Create group' function for the only reason that it is the function used as example to create a web service client.
Click Add functions link, Select 'create group' function and click Add functions button
You should be back to the service function list. Next to each function you can see a 'Required capabilies' field. Users need these capabilities to run each function. However there is some exception. Sometimes a function use case could not require the entire capability list. The only way to be 100% sure is to read the web service function documentation (even though they are currently not indicated see MDL-XXX). Core developers try to keep capability names clear enough that it should straight forward for administrator to guess it right.
.
Enable capabilities to users
The last step, and the trickiest, is to grant the right permission to the users. They would need the following capabilities:
- "moodle/webservice:createtoken" so the user can generate a security key.
- "webservice/rest:use, webservice/soap:use, webservice/xmlrpc:use, webservice/amf:use" matching the enabled protocols.
- the required capabilities by the web service functions. These required capabilities are listed when you add a function to the service.
For more information about roles and capabilities, read the Manage roles documentation.
Once done, the web service should be set up. The user can retrieve his/her personal security key and copy it in an external application.
