Enforcing scopes is not required to use Qwickly Course Tools for Canvas.
By default, Qwickly Course Tools will function correctly without enabling Enforced Scopes on the Canvas Developer Key. Most institutions can complete their integration without modifying scope settings.
Some institutions choose to enforce scopes as part of their internal security policies. If your institution has enabled Enforced Scopes, you must ensure that the Qwickly Course Tools Developer Key includes all required permissions. Without the required scopes, users may encounter an “invalid_scope” error when launching the application.
How Do I Know if Scopes are Enforced?
In Canvas, navigate to Admin > Developer Keys > Qwickly Course Tools API Key > pencil icon to edit. If scopes are enabled, you will see the 'Enforce Scopes' slider toggled on:
Important Note: If you are using a developer key with scopes enforced, please make sure to check the box labeled "Allow Include Parameters"
Required Permissions
If your institution enforces scopes, the following permissions must be enabled in the Qwickly Course Tools Developer Key:
Users
url:GET|/api/v1/users/:id
url:GET|/api/v1/users/:user_id/profile
url:GET|/api/v1/users/:user_id/courses
Courses
url:GET|/api/v1/courses
url:PUT|/api/v1/courses/:id
url:POST|/api/v1/courses/:course_id/files
url:GET|/api/v1/courses/:course_id/modules
url:POST|/api/v1/courses/:course_id/modules
url:GET|/api/v1/courses/:course_id/modules/:module_id/items
url:POST|/api/v1/courses/:course_id/modules/:module_id/items
url:GET|/api/v1/courses/:course_id/modules/:module_id/items/:id
url:PUT|/api/v1/courses/:course_id/modules/:module_id/items/:id
url:POST|/api/v1/courses/:course_id/pages
url:POST|/api/v1/courses/:course_id/discussion_topics
url:PUT|/api/v1/courses/:course_id/discussion_topics/:topic_id
url:GET|/api/v1/courses/:course_id/assignments
url:POST|/api/v1/courses/:course_id/assignments
url:GET|/api/v1/courses/:course_id/assignment_groups
url:GET|/api/v1/courses/:course_id/users
url:GET|/api/v1/courses/:course_id/enrollments
url:POST|/api/v1/courses/:course_id/assignments/:assignment_id/submissions
Calendar
url:POST|/api/v1/calendar_events
Sections
url:POST|/api/v1/sections/:section_id/assignments/:assignment_id/submissions
Conversations
url:POST|/api/v1/conversations
Accounts
url:GET|/api/v1/accounts
url:GET|/api/v1/accounts/:account_id/terms
url:GET|/api/v1/accounts/:account_id/roles
url:GET|/api/v1/accounts/:account_id/admins
Troubleshooting: “invalid_scope” Error
If your institution enforces LTI scope restrictions and one or more required scopes are not enabled, you may encounter an “invalid_scope” error when launching the application.
This error indicates that Canvas has not granted all of the permissions required for the integration to function properly.
Example error message:
How to resolve this issue
Review the error message displayed on the page.
Locate the underlined scope URL (for example:
url:GET|/api/v1/accounts/:account_id/courses).This URL identifies the specific permission that is missing.
-
Update your LTI Developer Key or integration settings in Canvas to include the missing scope:
Log in to Canvas as an administrator.
Navigate to Admin → Developer Keys.
Locate the Developer Key used for the Qwickly Course Tools integration.
Select Edit Key.
Under the Scopes section, ensure the missing scope shown in the error message is enabled.
Save the changes.
Relaunch the Qwickly Course Tools tool.
Save your changes and relaunch the application.
Additional notes
The underlined scope URL provides precise information about which permission must be enabled.
Your Canvas administrator may need to update these settings if you do not have access.
If you are unsure how to update scopes, please contact your Canvas administrator or your Qwickly support representative.
Comments
2 comments
Here is how these scope routes are currently organized in Canvas:
Accounts
url:GET|/api/v1/accounts
Admins
url:GET|/api/v1/accounts/:account_id/admins
Assignment Groups
url:GET |/api/v1/courses/:course_id/assignment_groups
Assignments
url:GET |/api/v1/courses/:course_id/assignments
url:POST|/api/v1/courses/:course_id/assignments
Calendar Events
url:POST|/api/v1/calendar_events
Conversations
url:POST|/api/v1/conversations
Courses
url:GET |/api/v1/courses
url:GET |/api/v1/courses/:id
url:PUT |/api/v1/courses/:id
url:GET |/api/v1/courses/:course_id/users
url:POST|/api/v1/courses/:course_id/files
url:GET |/api/v1/users/:user_id/courses
Discussion Topics
url:POST|/api/v1/courses/:course_id/discussion_topics
url:PUT |/api/v1/courses/:course_id/discussion_topics/:topic_id
Enrollment Terms
url:GET|/api/v1/accounts/:account_id/terms
Enrollments
url:GET |/api/v1/courses/:course_id/enrollments
url: GET|/api/v1/users/:user_id/enrollments
Modules
url:GET |/api/v1/courses/:course_id/modules
url:POST|/api/v1/courses/:course_id/modules
url:GET |/api/v1/courses/:course_id/modules/:module_id/items
url:GET |/api/v1/courses/:course_id/modules/:module_id/items/:id
url:POST|/api/v1/courses/:course_id/modules/:module_id/items
url:PUT |/api/v1/courses/:course_id/modules/:module_id/items/:id
Pages
url:POST|/api/v1/courses/:course_id/pages
Roles
url:GET|/api/v1/accounts/:account_id/roles
Submissions
url:POST|/api/v1/courses/:course_id/assignments/:assignment_id/submissions
url:POST|/api/v1/sections/:section_id/assignments/:assignment_id/submissions
Users
url:GET|/api/v1/users/:id
url:GET|/api/v1/users/:user_id/profile
Thank you so much Dan!!
Please sign in to leave a comment.