Skip to content

Protect LRS credentials by not exposing them to the browser at all.

License

Notifications You must be signed in to change notification settings

stevenvergenz/xapi-proxy

Repository files navigation

Experience API Proxy

ADL's Experience API defines a language for learning content to communicate training data about a learner to an external Learning Record Store (LRS). As a protocol it is perfectly adequate to get data out of a piece of learning content. Logistically though, the learner has no way of knowing to what LRS the content decided to publish his/her data to, without the learner explicitly providing the content with an LRS endpoint and publishing credentials.

The Experience API Proxy project seeks a solution to this problem. It allows the learner (or the learning management system) to register the LRS information with the proxy. The content can then make its xAPI requests to the proxy, and the proxy will route the statements to the specified LRS. This amounts to live configuration of the content by external systems or users without having to significantly change the content.

The proxy also stores learner information (specifically the "actor" envelope of the xAPI statement), so a learning management system can provide that information to the content as well, without requiring the learner to re-submit it.

The basic data flow can be seen in the below graphic:

Proxy sequence diagram

Submitting LRS information

Request:

POST /config

Request body:

{
    "endpoint": "http://example.com/xapi/",
    "user": "bogusUser",
    "password": "ButteredCatParadox",
    "actor": {
        "name": "Steven Vergenz",
        "mbox_sha1sum": "d16681af53ecce8c2c650c5751575325af277cee"
    }
}
  • endpoint: The URL of the LRS.
  • user/password: The basic auth credentials for the named LRS.
  • actor: An xAPI-format actor block. See the Experience API spec for the formatting of this object.

Response:

hrsEhFvfNFXlIUkW
  • A semi-unique token needed to reference the LRS information.

Retrieving LRS information

For security reasons, you cannot recover all of the information POSTed to the proxy. However you can verify the validity of the token, retrieve the actor info, and check the time until expiration.

Request:

GET /config?lpt=hrsEhFvfNFXlIUkW

Response:

{
    "actor": {
        "name": "Steven Vergenz",
        "mbox_sha1sum": "d16681af53ecce8c2c650c5751575325af277cee"
    },
    "expires": "2014-01-29T21:15:00Z"
}
  • actor: The actor body provided in the initial registration.
  • expires: The date/time when the LRS information will be deleted in ISO8601 format.

Using the proxy

There are many ways to make use of the proxy, but generally speaking, you can treat the /xapi endpoint as an LRS. You only need to add the lpt query argument to your requests, and the request will be forwarded to the LRS associated with the provided token. For example, to retrieve statements from the LRS by proxy:

Request:

GET /xapi/statements?lpt=hrsEhFvfNFXlIUkW&since=2014-01-29T20:05:49.228Z

Response:

{
    "statements": [],
    "more": ""
}

About

Protect LRS credentials by not exposing them to the browser at all.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published