Note: You are currently viewing documentation for Moodle 4.0. Up-to-date documentation for the latest stable version of Moodle may be available here: Security keys.

Security keys

From MoodleDocs
Revision as of 10:46, 26 August 2022 by Remco Schrijver (talk | contribs) (The token registration moved from Plugins to Server)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

A security key or token enables other systems to access Moodle securely. A security key may be used for secure RSS feeds or web services.

A user can obtain a security key via the Preferences link of the user menu top right and then entering the key in an external application accessing Moodle.

Note: In order for this to be accessible the user needs the moodle/webservice:createtoken capability. The easiest way to do this is to allow the capability for the Authenticated User role. This does not allow the user to use web services, only to create a token.

At any time, a user can reset their key by clicking the reset link. A new different key is automatically generate which will then need to be entered in the external application.

Note: The security keys page can not generate web service keys/tokens for admins. Admins can create a token manually from the administration block: Site administration > Server > Web services > Manage tokens.

Secure RSS feeds

Secure RSS feeds are a way you can read forum posts, blog entries, etc while you are offline, and without having to log in. For example, if you want to read the posts in a forum, you usually need to log in to Moodle. But if your site administrator has enabled RSS, these posts are available as a feed you can subscribe to with a feed reader, and you can read entries even when you don't have access to the Internet.

Secure RSS feeds allow your feed reader, which usually expects feeds to be publicly available, to download material from Moodle without having to log in.

Whenever you are viewing an activity that provides an RSS feed, look in the Administration block for a link labelled "RSS feed of posts". This link is unique to your Moodle account. Paste it into your feed reader to have it obtain new entries for you automatically.

If you ever think your RSS feed token has been compromised in some way, e.g. you have lost a mobile phone that subscribed to a news forum, you can request a new one by clicking the Reset link on the Security Keys page from the Preferences link in your user menu. This will disable the old feed token and generate a new one. You can then visit the activities you wish to subscribe to and copy the URL, which will contain your new security key.