Data Security and LTI 1.3
Peter Bohacek avatar
Written by Peter Bohacek
Updated over a week ago

LTI 1.3 has security provisions to protect data at the institution's Learning Management System (LMS) and on Pivot Interactives. Here are answers to common questions about data transferred between an LMS and Pivot Interactives when using LTI 1.3.

What data is transferred between the LMS and Pivot Interactives?

Pivot Interactives LTI 1.3 implementation allows two functions:

  1. Creating deep links that connect students to Pivot Interactives assignments created by their instructors

  2. Passing grades from Pivot Interactives into the LMS grade book for the assignments in Pivot Interactives

Which 'scope' does Pivot Interactives LTI 1.3 request when connecting to an LMS? 

In addition to deep linking (which is not technically a scope), Pivot Interactives only requests the score scope, which allows Pivot Interactives to update scores for assignments in LMS that the instructor linked to Pivot Interactives.

What API endpoints does Pivot Interactives LTI 1.3 use?

After launching a deep linked assignment:
/api/lti/courses/:courseId/line_items/:lineItemId/scores

Used in the LTI connection:
/api/lti/authorize_redirect
/login/oauth2/token
/api/lti/security/jwks 

Students do an LTI launch from a deep link in Canvas. The connection is authenticated using signed JSON Web Tokens (JWTs).

Did this answer your question?