LTI 1.3 has security provisions to protect data at the institution's Learning Management System (LMS) and on Pivot Interactives. Here are answers to common questions about data transferred between an LMS and Pivot Interactives when using LTI 1.3.
What data is transferred between the LMS and Pivot Interactives?
Pivot Interactives LTI 1.3 implementation allows two functions:
Creating deep links that connect students to Pivot Interactives assignments created by their instructors
Passing grades from Pivot Interactives into the LMS grade book for the assignments in Pivot Interactives
Which 'scope' does Pivot Interactives LTI 1.3 request when connecting to an LMS?
In addition to deep linking (which is not technically a scope), Pivot Interactives only requests the score
scope, which allows Pivot Interactives to update scores for assignments in LMS that the instructor linked to Pivot Interactives.
What API endpoints does Pivot Interactives LTI 1.3 use?
After launching a deep linked assignment:/api/lti/courses/:courseId/line_items/:lineItemId/scores
Used in the LTI connection:/api/lti/authorize_redirect
/login/oauth2/token
/api/lti/security/jwks
Students do an LTI launch from a deep link in Canvas. The connection is authenticated using signed JSON Web Tokens (JWTs).