Certica Products

Authorization- Assessment

Updated Mar 24, 2021

A separate, player-specific, access_token is required to allow items to render inside of an interface. This is to prevent unauthorized access of any items outside of a testing environment. Each token should expire very shortly after it is created to prevent someone from copying the browser's source code and running it somewhere else.

Getting an Access Token

curl -X POST \
https://assess.itemlogic.com/oauth/token_player?client_id=<client_id>&client_secret=<client_secret>

POST Fields

In addition to your client_id and client_secret, you should POST options regarding the test session you are trying to administer. For a live assessment administration, sessionId and sessionKey are required. If you want to display the test to allow a teacher or administrator to audit the test before it is administered, pass testId and auditCode. In any event, you must pass the expires field.

Name Description
Type

accessToken
(Required) Token value generated by /oauth/token_player. None of the other required options below are necessary if generated within the token. Baking options into the accessToken is a secure way of safeguarding any parameters you wouldn't want a candidate to surreptitiously view. integer
expires Number of seconds from the current time, forward, this token should be valid. We recommend this value be set below 14,400 (4 hours). integer
sessionId Test session ID. integer
sessionKey Test session key. string
testId Test ID. integer
auditCode Access code to display and audit the test before it is administered. string
ui JSON array of user interface options. See options below. array
instantStart Do not display dialog prompting candidate to start the test. boolean
autoload Do not automatically load the first item of the test. boolean

Option: ui

The following fields describe UI elements you may choose to render in the ItemLogic.Assess player. The default value for each of these options is false, so if you wish to display nothing but the item itself, ignore this section.

Name Description
Type

progress
Display a progress bar of candidate's progress. boolean
validate Display a button to check the candidate's answer. boolean
submit Submit the test. boolean
toggle Allow candidate to toggle items back/forward in the order the items are listed in the test. boolean
backward Allow candidate to toggle backwards to previous questions. If toggle is set to 1, this option must be explicitly set to 0 to prevent backwards toggling. boolean
jump Allow candidate to jump to different sections of a test. (Not implemented) boolean
timer Display elapsed time for candidate. (Not Implemented) boolean
fontSize Specify the base font-size CSS property for all item content. This value defaults to 12px, but you can specify pt values as well. string

Sample Post with Options

curl -X POST \
      -H "Content-Type: application/json" \
      -d '{
        "sessionId": 70,
        "sessionKey": "abc321",
        "expires": 14400,
        "instantStart": 1,
        "ui": {
            "submit": 1,
            "toggle": 0,
            "backwards": 0,
            "progress": 1,
            "validate": 0
        }
      }' \
https://assess.itemlogic.com/oauth_player?<credentials>

Sample Response

All of the options contained in the POST'ed data becomes obscured so that even if the browser page's source is available, the candidate cannot obtain or override any of the parameters contained within.

{
  "status":"OK",
  "body":{
  "token":"1320c9658636dd0f2a85281df9afe417ef1cf1e382c724e3d59c982a6674b\
     fad242479a65cddb72349005aab5a9aa6069a145b296a6a1e32d135d2dc2c8cfc7017c8\
     4c8d940747ccbb0adc2a25839746596246067c277bdd80a4bf701fc2d6c"
  }
}

Using the Access Token

Place the working access_token inside of your assessment page, and fire it up!

<html>
   <head>
        <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
        <meta http-equiv="cache-control" content="no-cache">
        <meta http-equiv="pragma" content="no-cache">
        <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" />
        <link href="https://assess.itemlogic.com/css/assess.css" type="text/css" rel="stylesheet">
        <script src="https://assess.itemlogic.com/assess-api.js" type="text/javascript"></script>
        <title>ItemLogic Assessment</title>
   </head>
   <body>
        <div id="Assess"></div>
        <script>
            var assess;
            window.addEvent('domready', function(){
                var opts = {
                    "accessToken":"9245d32960932d89f..."};
                new ItemLogic.Assess('Assess', opts);
            });
        </script>
   </body>
</html>

Note: If you're interested in trying out the test without the hassle of embedding it inside of your own assessment player just yet, use the link below. We will provide our UI to navigate the test, respond to it, and submit it. You can then query the result data via REST. https://app.itemlogic.com/tests/assess?token=<assessment_auth_token>

Previous Article Authorization- API
Next Article Authorization- Item Editor