 My myself through and We are here to present our presentation on APIs for open edx platform So our main objective was creating registration APIs for course dashboard APIs and organization dashboard APIs the implementation was based on rest framework returning JSON data and Authenticated with oath to so these many APIs we have created Organize and No get posted to get the data of registered users after posting something is written that is Registered user is written. No if you want the data of particular ID user you can get Or you can post the data of new user means you can register a user on edx platform Yes, we have tried to cover the one minute vulnerabilities. We can show that now I Means in organization API there are count of certificates discussion forum activity and Great great C types of API created in this The focus is that these APIs can be used by the organization suppose another No only these are all great great APIs Activity means a for all courses of that organization Count of certificate for all courses of that organization means the organization which you specify an API ad points and Third one is the grade of grade of all students of all courses that we have created so that if These APIs can be extended on organization dashboard means another organization has courses on edx platforms And they want to access all their courses then they can just get a token or token from the Open edx platform courses API same functionalities, but Courses wise not organization wise and in courses API faculty wise also is given so that this can be used on faculty dashboard and also Grading in courses API is grading policy of course Core structure of a course can be fetched by anyone so that student can easily get that thing Core structure without enrolling in the course. You can see the core structure of any courses secured means currently all the APIs can only be accessed by authenticated users and It is provided on open edx platform register API is only accessible by admin user We have used password type Password Means you can get the client ID and client app from admin and you have the user Yes No registration API only accessible by admin only admin can register because no one else can register Student on edx platform because this bypass is the catch He can create multiple users in one script, so we have to give the admin Only admin admin can access it with his token only admin he generates is token with oath to He wants to create multiple Means the main purpose is suppose we want Like any me And currently that registration That is the current thing Currently what they're doing is we give them a list of And Because I don't have a That is a main problem which can get addressed. I'm not comfortable My on open edx platform my SQL and mongo both are used all the date My SQL registration that only course course structure and course Discussion for an activity I stood in mongo everything else is stood in my Okay Not allowed any invalid thing that is security. What is the testing? What are the test data used? for great API is We had been provided a production server data from IIT Bombay X platform and we had tested it and for that API I had also recorded the time by using just what time is it for a course with Approximately two thousand four hundred students and number of units in that course was six So it took two and a half minutes to compute all the grades computer age because We are displaying the grades Grades and these greats API can be displayed in between also means the course is currently ongoing Then only those grades are displayed for which the student has done the assignment So we have to compute the great ourselves. No, we can't take from any table So we tried that Other all API we are directly taken from table. So Only great API is a very high competition One is security and is there any other risk We all know restricted one thing that number of requests per user that is provided by Means by chance a malicious user gets gets enrolled in the Platform and he tries to crash the server or anything by recursively calling the API's then we have restricted that so For post API the admin credentials are required that you can keep For registration API nothing is needed because only admin is allowed for that for other API is We have attempted to restrict things, but we have not used the cap that For restricting automated request we have limited number of requests per user per minute Are you going to submit them in Open edx on We have only taken dump of data and then tested it. We have not directly put it on the server because Still you should not allowed to put on the server. That is why I asked yes Okay, man. The reason I'm asking is that somebody else do the gada work now whether it is good bad or ugly Why should I know but only only way they should come to us is through open edx Okay, we we can test it and use it if you want that is different, but that's a still your risk Yeah, I would rather publish it to the whole world Yes, we have posted Yes, we are doing the same procedure Yes, that's how we have package it That's how we have created a Django app and all the we have specified on GitHub link is present on this documentation that I Installed Models For registration API models for other API models are not used because Mongo is not a relational database Yes, no Django Django for my SQL table models can be created Okay, we have used by Mongo for Mongo currently because we didn't We have to Okay, okay, okay. Yeah, go