Something that we probably want is some way to verify that the request is coming from the educator in charge of the class - maybe pass some identifying tag for the educator in a header or something?
I don't think it's pressing since the API is not publicly usable (as we don't currently give out keys), but that may change someday.
Something that we probably want is some way to verify that the request is coming from the educator in charge of the class - maybe pass some identifying tag for the educator in a header or something?
I don't think it's pressing since the API is not publicly usable (as we don't currently give out keys), but that may change someday.
Originally posted by @Carifio24 in https://github.com/cosmicds/cds-api/pull/137#issuecomment-2354043186