Using web services: Difference between revisions
Harry Smith (talk | contribs) |
Mary Cooch (talk | contribs) m (Reverted edits by Marycooch (talk) to last revision by Randy Thornton) Tag: Rollback |
||
(12 intermediate revisions by 7 users not shown) | |||
Line 1: | Line 1: | ||
{{Web services}} | {{Web services}} | ||
This document explains how an administrator can set up a web service for users to access a service. Each user will have a specific and unique security key (also known as a "token") to access the service. | This document explains how an administrator can set up a web service for users to access a service. Each user will have a specific and unique security key (also known as a "token") to access the service. | ||
== Enabling web services== | == Enabling web services== | ||
[[Image:Enable_web_service.jpg|thumb|Enabling web services]] | [[Image:Enable_web_service.jpg|thumb|Enabling web services]] | ||
# Access ''Administration > Site administration > Advanced features'' | # Access ''Administration > Site administration > Advanced features'' | ||
# Check 'Enable web services' then click 'Save Changes' | # Check 'Enable web services' then click 'Save Changes' | ||
Note: For security reasons, web services should only be enabled if you intend to make use of it. | Note: For security reasons, web services should only be enabled if you intend to make use of it. | ||
== Enabling protocols == | == Enabling protocols == | ||
[[Image:Enable_protocol.jpg|thumb|left|Enabling protocols]] | [[Image:Enable_protocol.jpg|thumb|left|Enabling protocols]] | ||
Usually external applications that users wish to use dictate which protocols should be enabled. | Usually external applications that users wish to use dictate which protocols should be enabled. | ||
# Access ''Administration > Site administration > Server > Web services > Manage protocols'' | |||
# Access ''Administration > Site administration > | |||
# Enable the protocols (SOAP, REST, XMLRPC, AMF, ...) as required | # Enable the protocols (SOAP, REST, XMLRPC, AMF, ...) as required | ||
Line 19: | Line 15: | ||
[[Image:Security keys and documentation.jpg|thumb|Security keys page with documentation link]] | [[Image:Security keys and documentation.jpg|thumb|Security keys page with documentation link]] | ||
Enabling web service function documentation (also on the Manage protocols page) results in user-specific web service documentation being available for each user on their [[Security keys]] page. This option is mainly useful to web service client developers. If nobody is creating a web service client, there is no need to enable this feature. | Enabling web service function documentation (also on the Manage protocols page) results in user-specific web service documentation being available for each user on their [[Security keys]] page. This option is mainly useful to web service client developers. If nobody is creating a web service client, there is no need to enable this feature. | ||
== Creating a custom external service == | |||
== Creating a service == | |||
If none of the pre-build web services match your needs, you can create a custom service i.e. select which of the standard web service functions are available via that service. | If none of the pre-build web services match your needs, you can create a custom service i.e. select which of the standard web service functions are available via that service. | ||
You can enable only the specific functions that you need to expose, so not compromising on security. | You can enable only the specific functions that you need to expose, so not compromising on security. | ||
[[Image:Create a service.jpg|thumb|Creating a service|left]] | [[Image:Create a service.jpg|thumb|Creating a service|left]] | ||
# Access ''Administration > Site administration > | # Access ''Administration > Site administration > Server > Web services.'' | ||
# Click Add new custom service | # Click Add new custom service | ||
#* 'Authorised users only' - If enabled, you will need to select the authorised users manually. Otherwise all users with appropriate permissions are allowed | #* 'Authorised users only' - If enabled, you will need to select the authorised users manually. Otherwise all users with appropriate permissions are allowed | ||
Line 31: | Line 26: | ||
# Enter a name and check Enabled | # Enter a name and check Enabled | ||
# Click the button 'Add service' | # Click the button 'Add service' | ||
==Adding functions to the service== | ==Adding functions to the service== | ||
[[Image:Select a web service function.jpg|thumb|Adding functions to the service]]Your service is currently empty and doesn't do anything. Web service functions need to be added. Your choice will be dictated by what you allow the external application to do. For this example, select 'Create group'. | [[Image:Select a web service function.jpg|thumb|Adding functions to the service]]Your service is currently empty and doesn't do anything. Web service functions need to be added. Your choice will be dictated by what you allow the external application to do. For this example, select 'Create group'. | ||
# Click 'Add functions' link | # Click 'Add functions' link | ||
# Select 'create group' function and click the 'Add functions' button | # Select 'create group' function and click the 'Add functions' button | ||
''Note that deprecated functions can not be added to services although the ones that are already part of a service can remain there until they are removed from Moodle codebase.'' | ''Note that deprecated functions can not be added to services although the ones that are already part of a service can remain there until they are removed from Moodle codebase.'' | ||
You should be back to the service functions list. 'Required capabilities' are indicated for each function. Users need the required capabilities to run a function. The function descriptions in the API Documentation can also give you more information about the required capabilities (''Administration > Site administration > | You should be back to the service functions list. 'Required capabilities' are indicated for each function. Users need the required capabilities to run a function. The function descriptions in the API Documentation can also give you more information about the required capabilities (''Administration > Site administration > Server > Web services > API Documentation''). | ||
==Enabling capabilities== | ==Enabling capabilities== | ||
The final step is to grant appropriate permissions. The following capabilities should be allowed: | The final step is to grant appropriate permissions. The following capabilities should be allowed: | ||
* [[Capabilities/moodle/webservice:createtoken|moodle/webservice:createtoken]] - for allowing users to generate a security key | * [[Capabilities/moodle/webservice:createtoken|moodle/webservice:createtoken]] - for allowing users to generate a security key | ||
* [[Capabilities/webservice/rest:use | webservice/rest:use]], [[Capabilities/webservice/soap:use | webservice/soap:use]], [[Capabilities/webservice/xmlrpc:use | webservice/xmlrpc:use]], [[Capabilities/webservice/amf:use | webservice/amf:use]] which match the enabled protocols. | * [[Capabilities/webservice/rest:use|webservice/rest:use]], [[Capabilities/webservice/soap:use|webservice/soap:use]], [[Capabilities/webservice/xmlrpc:use|webservice/xmlrpc:use]], [[Capabilities/webservice/amf:use|webservice/amf:use]] which match the enabled protocols. | ||
* The service ''Required capability'' if set (''Administration > Site administration > | * The service ''Required capability'' if set (''Administration > Site administration > Server > Web services > Manage services >'''Edit''' link''). | ||
* The required capabilities for the web service functions. These required capabilities are listed when you add a function to the service. For more information about roles and capabilities, read the [[Manage roles]] documentation. | * The required capabilities for the web service functions. These required capabilities are listed when you add a function to the service. For more information about roles and capabilities, read the [[Manage roles]] documentation. | ||
Once done, the web service should be set up. Users should be able to [[Security keys|obtain a personal security key]]. | Once done, the web service should be set up. Users should be able to [[Security keys|obtain a personal security key]]. | ||
= Alternative settings = | = Alternative settings = | ||
== Authorise only specific users== | == Authorise only specific users== | ||
[[Image:Authorised users link.jpg|thumb]] [[Image:Authorised user selection page.jpg|thumb]] | [[Image:Authorised users link.jpg|thumb]] [[Image:Authorised user selection page.jpg|thumb]] | ||
# ''Administration > Site Administration > | # ''Administration > Site Administration > Server > Web services > External Services'' | ||
# Select '''Authorised users''' link (the service must have been set as '''Authorised users only''' in the '''Edit''' link) | # Select '''Authorised users''' link (the service must have been set as '''Authorised users only''' in the '''Edit''' link) | ||
# Select some users and click '''Add''' | # Select some users and click '''Add''' | ||
Moodle indicates if some capabilities need to be assigned to an authorised user. Moreover, if you click on the authorised user fullname, you can set up some specific options: ''IP restriction'' and ''Valid until''. | |||
Moodle indicates if some capabilities need to be assigned to an authorised user. Moreover if you click on the authorised user fullname, you can set up some specific options: ''IP restriction'' and ''Valid until''. | |||
== Create a token == | == Create a token == | ||
[[Image:Create_token.jpg|thumb]] | [[Image:Create_token.jpg|thumb]] | ||
This feature allows you to create a token for specific user. It can be useful if a user doesn't have the moodle/create:token capability. This is also the only way to create a token for an administrator. For security reason, tokens are not automatically generated in the administrator security | This feature allows you to create a token for specific user. It can be useful if a user doesn't have the moodle/create:token capability. This is also the only way to create a token for an administrator. For security reason, tokens are not automatically generated in the administrator security keys page. | ||
# ''Administration > Site Administration > Server > Web services > Manage tokens'' | |||
# ''Administration > Site Administration > | |||
# Click on '''Add''' | # Click on '''Add''' | ||
# Select the created user and service | # Select the created user and service | ||
# Click on '''Saves changes''' | # Click on '''Saves changes''' | ||
As you created a token for this user, you do not need to assign "''moodle/webservice:createtoken''" to him/her. | As you created a token for this user, you do not need to assign "''moodle/webservice:createtoken''" to him/her. | ||
Finally, note that, as for authorised users, you can also set ''IP restriction'' and ''Valid until'' on a token. | Finally, note that, as for authorised users, you can also set ''IP restriction'' and ''Valid until'' on a token. | ||
== See also == | == See also == | ||
*[http://www.joomdle.com/wiki/Preparing_Moodle_20#Setting_up_Moodle_Web_services Joomdle documentation about setting Moodle web services] | *[http://www.joomdle.com/wiki/Preparing_Moodle_20#Setting_up_Moodle_Web_services Joomdle documentation about setting Moodle web services] | ||
[[de:Webservices nutzen]] | |||
[[fr:Utilisation des services Web]] | |||
[[ja:ウェブサービスを使用する]] |
Latest revision as of 10:36, 1 May 2024
This document explains how an administrator can set up a web service for users to access a service. Each user will have a specific and unique security key (also known as a "token") to access the service.
Enabling web services
- Access Administration > Site administration > Advanced features
- Check 'Enable web services' then click 'Save Changes'
Note: For security reasons, web services should only be enabled if you intend to make use of it.
Enabling protocols
Usually external applications that users wish to use dictate which protocols should be enabled.
- Access Administration > Site administration > Server > Web services > Manage protocols
- Enable the protocols (SOAP, REST, XMLRPC, AMF, ...) as required
Enabling web service function documentation
Enabling web service function documentation (also on the Manage protocols page) results in user-specific web service documentation being available for each user on their Security keys page. This option is mainly useful to web service client developers. If nobody is creating a web service client, there is no need to enable this feature.
Creating a custom external service
If none of the pre-build web services match your needs, you can create a custom service i.e. select which of the standard web service functions are available via that service.
You can enable only the specific functions that you need to expose, so not compromising on security.
- Access Administration > Site administration > Server > Web services.
- Click Add new custom service
- 'Authorised users only' - If enabled, you will need to select the authorised users manually. Otherwise all users with appropriate permissions are allowed
- 'Required capability' - If enabled, any user accessing the web service will be checked against this selected capability. (This is just an additional optional security layer.)
- Enter a name and check Enabled
- Click the button 'Add service'
Adding functions to the service
Your service is currently empty and doesn't do anything. Web service functions need to be added. Your choice will be dictated by what you allow the external application to do. For this example, select 'Create group'.
- Click 'Add functions' link
- Select 'create group' function and click the 'Add functions' button
Note that deprecated functions can not be added to services although the ones that are already part of a service can remain there until they are removed from Moodle codebase.
You should be back to the service functions list. 'Required capabilities' are indicated for each function. Users need the required capabilities to run a function. The function descriptions in the API Documentation can also give you more information about the required capabilities (Administration > Site administration > Server > Web services > API Documentation).
Enabling capabilities
The final step is to grant appropriate permissions. The following capabilities should be allowed:
- moodle/webservice:createtoken - for allowing users to generate a security key
- webservice/rest:use, webservice/soap:use, webservice/xmlrpc:use, webservice/amf:use which match the enabled protocols.
- The service Required capability if set (Administration > Site administration > Server > Web services > Manage services >Edit link).
- The required capabilities for the web service functions. These required capabilities are listed when you add a function to the service. For more information about roles and capabilities, read the Manage roles documentation.
Once done, the web service should be set up. Users should be able to obtain a personal security key.
Alternative settings
Authorise only specific users
- Administration > Site Administration > Server > Web services > External Services
- Select Authorised users link (the service must have been set as Authorised users only in the Edit link)
- Select some users and click Add
Moodle indicates if some capabilities need to be assigned to an authorised user. Moreover, if you click on the authorised user fullname, you can set up some specific options: IP restriction and Valid until.
Create a token
This feature allows you to create a token for specific user. It can be useful if a user doesn't have the moodle/create:token capability. This is also the only way to create a token for an administrator. For security reason, tokens are not automatically generated in the administrator security keys page.
- Administration > Site Administration > Server > Web services > Manage tokens
- Click on Add
- Select the created user and service
- Click on Saves changes
As you created a token for this user, you do not need to assign "moodle/webservice:createtoken" to him/her. Finally, note that, as for authorised users, you can also set IP restriction and Valid until on a token.