6. REST API

6.1. Prerequisites

This guide assumes a Quizzera instance running on http://localhost:8000. If you are working with the production server, or with a local instance running on a different port, use the URL of that server instead of http://localhost:8000.

You must have Quizzera up and running. Ensure that the WSSE (authentication protocol) migrations are made (if you have not done so already):

$ vagrant ssh
$ django
$ python manage.py makemigrations wsse
$ python manage.py migrate

Now, get your API key by navigating to the API key listing: http://localhost:8000/api/keys/.

6.2. Authentication

Authentication is done with the WSSE protocol.

The server WSSE settings are:

Setting            Value
Header Name        X-WSSE
Nonce Length       64
Digest Algorithm   SHA256
Timestamp Format   ISO 8601

note: You don’t need to worry about these settings if you are using the official pywsse package for interacting with the API.

For example, to send a request using pywsse and requests:

import requests
from wsse.client.requests.auth import WSSEAuth

# WSSEAuth attaches the X-WSSE header to the outgoing request.
auth = WSSEAuth('username', 'secret_key')
resp = requests.get('http://localhost:8000/api/v1/', auth=auth)
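For clients that cannot use pywsse, the settings table above maps onto a WSSE UsernameToken roughly as follows. This is an added example, not code from pywsse or Quizzera: it builds a token and verifies it with the freshness and nonce-replay checks a WSSE server depends on. The digest layout Base64(SHA256(nonce + created + secret)), the hex-encoded 64-character nonce, and the 5-minute window are assumptions, so confirm them against pywsse before relying on interoperability.

```python
import base64
import hashlib
import hmac
import re
import secrets
from datetime import datetime, timedelta, timezone

NONCE_LENGTH = 64                # "Nonce Length" from the settings table
MAX_AGE = timedelta(minutes=5)   # assumed freshness window (not from the page)
TOKEN_RE = re.compile(r'(\w+)="([^"]*)"')
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"  # ISO 8601, UTC


def digest(nonce, created, secret):
    # Assumed layout: Base64(SHA256(nonce + created + secret)).
    raw = hashlib.sha256((nonce + created + secret).encode()).digest()
    return base64.b64encode(raw).decode()


def build_header(username, secret, now=None):
    """Client side: value for the X-WSSE header."""
    now = now or datetime.now(timezone.utc)
    nonce = secrets.token_hex(NONCE_LENGTH // 2)  # 64 hex characters
    created = now.strftime(TS_FORMAT)
    return ('UsernameToken Username="{}", PasswordDigest="{}", '
            'Nonce="{}", Created="{}"').format(
                username, digest(nonce, created, secret), nonce, created)


def verify_header(header, keys, seen_nonces, now=None):
    """Server side: return the username if valid, else raise ValueError."""
    now = now or datetime.now(timezone.utc)
    f = dict(TOKEN_RE.findall(header))
    try:
        user, nonce, created = f["Username"], f["Nonce"], f["Created"]
        sent, secret = f["PasswordDigest"], keys[user]
        ts = datetime.strptime(created, TS_FORMAT).replace(tzinfo=timezone.utc)
    except (KeyError, ValueError):
        raise ValueError("malformed token or unknown user")
    if len(nonce) != NONCE_LENGTH:
        raise ValueError("bad nonce length")
    if abs(now - ts) > MAX_AGE:
        raise ValueError("stale timestamp")
    if not hmac.compare_digest(sent, digest(nonce, created, secret)):
        raise ValueError("digest mismatch")
    if (user, nonce) in seen_nonces:  # record nonces only after the digest checks out
        raise ValueError("replayed nonce")
    seen_nonces.add((user, nonce))
    return user
```

The nonce cache only needs to retain entries for as long as MAX_AGE, since older tokens are already rejected by the timestamp check.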

6.3. Endpoints

Requests use different HTTP verbs to specify the action to perform. In addition, all requests operate on resources in the database (unless specified otherwise).

The resources available are:

  • courses
  • quizzes
  • questions
  • attempts
  • extensions
  • enrollments

The following operations are supported on each resource ({resource} in the endpoints below):

note: The base for each URL is http://localhost:8000/api/v1/ during development. The base URL for production is https://quizzera.io/api/v1/.

Operation           HTTP Verb   Endpoint
Create new object   POST        /{resource}/
List all objects    GET         /{resource}/
Get one object      GET         /{resource}/{pk}/
Update object       PUT/PATCH   /{resource}/{pk}/
Delete object       DELETE      /{resource}/{pk}/

The data format of POST and PUT can be found by looking at the data serializers. Similarly, the output format of GET is also located there.

For example, to get a list of all courses, make a GET request to /api/v1/courses/. To view the information for course 2, make a GET request to /api/v1/courses/2/.

6.4. Permissions

Permissions are defined per-model. They are listed below.

Resource           Operation   Entities Allowed
Course             Create      Course administrator of any course
                   Read        Authenticated user
                   Update      Course administrator
                   Delete      Course administrator
Quiz               Create      Course administrator
                   Read        Enrolled user
                   Update      Course administrator
                   Delete      Course administrator
Question           Create      Course administrator
                   Read        Enrolled user
                   Update      Course administrator
                   Delete      Course administrator
Question Attempt   Create      Enrolled user
                   Read        Owner of attempt, course administrator
                   Update      Course administrator
                   Delete      Course administrator
Extension          Create      Course administrator
                   Read        User who was granted extension, course administrator
                   Update      Course administrator that granted extension
                   Delete      Course administrator that granted extension
Enrollment         Create      Course administrator
                   Read        Course administrator of any course
                   Update      Course administrator
                   Delete      Course administrator