Enterprise API enrollment

I’m trying to use the enterprise API to enroll learners into a course and also create a record in EnterpriseCourseEnrollment.

I tried to use: http://local.overhang.io/enterprise/api/v1/enterprise-customer/<UUID>/course_enrollments following the example I see in the test.

However, when I send a request (using Thunderclient or curl) I get a 401 response. I tried the same token with other endpoints (e.g. /bulk_enroll/v1/bulk_enroll) and it works fine.

I also get a response when I make a request to /enterprise/api/v1/ but as soon as I tried to get /enterprise/api/v1/enterprise-customer/, I get a 401 response.

I went down the path of trying to use an EnterpriseApiClient.

I added the following call to create an enterprise course enrollment:

def create_enterprise_enrollment(self, school_uuid, user_id, course_id):
    enrollment_data = [
            {
                "course_mode": "honor",
                "course_run_id": course_id,
                "lms_user_id": user_id,
                "email_students": False,
            }
        ]

        response = self.client.post(
            f"{ENTERPRISE_CUSTOMER_ENDPOINT}{school_uuid}/course_enrollments/",
            json=enrollment_data,
        )

But then I get a AttributeError: 'NoneType' object has no attribute 'username'. (trace error.txt (3.8 KB)). I then tried to create an enterprise catalog from the LMS but I got the same error.

Is the enterprise-catalog service a pre-requisite to use this endpoint?

Looks like it according to this ADR: New Enterprise Catalog IDA.

Hi @BbrSofiane,

To clarify, the /bulk_enroll/v1/bulk_enroll endpoint lives in edx-platform, correct? That endpoint doesn’t factor in any enterprise-specific permissions which is why you’re able to get a valid response when calling it.

The /enterprise/api/v1/enterprise-customer/<UUID>/course_enrollments endpoint on the other hand, uses edx-rbac in order to limit access based on the enterprise-specific roles available to a user. As this endpoint uses the @permission_required decorator for the enterprise.can_enroll_learners rule (defined here), only users that have a role that matches that permissions rule will have access. In this case, it’s looking for the user to have the “enrollment_api_admin” feature role. Generally, our worker users (e.g., enterprise_worker, enterprise_catalog_worker) are granted this feature role such that we can make service-to-service calls to endpoints with permissions such as this one.

The permissions for the /enterprise/api/v1/enterprise-customer/ endpoint are based on whether or not your authenticated user is linked to at least one enterprise (via DjangoModelPermissions). Do you have have an EnterpriseCustomerUser record configured for your authenticated user to indicate they are linked to an enterprise? Staff/superuser users should get a valid response from this endpoint without an explicit EnterpriseCustomerUser, however.

Unfortunately, as you mentioned, the enterprise-catalog service is technically now a pre-requisite to use enterprise catalogs. When you create/update a catalog in edx-enterprise, it automatically syncs to the enterprise-catalog service. Related, the checks during enrollment to verify that a given course is part of an enterprise’s catalog(s) also make a call to the enterprise-catalog service as well.

I hope this helps to clarify some things for you!

@AdamStankiewicz It does clarify things thanks.

To use /enterprise/api/v1/enterprise-customer/<UUID>/course_enrollments I need the enterprise-catalog service configured.

For the permissions, it’s only an issue when I try to use a client instead of the browser.

I have the Oauth client setup and linked to my superuser account.

image835×712 18.7 KB

I can successfully generate a token:

image771×579 17.8 KB

But when I make a call it fails:

image1613×279 17 KB

When I try with the same token with curl I get:

curl -X GET -H "Authorization: JWT dma4QVSUcMWG2IVrWJ1qCzWUX4O2ar" http://local.overhang.io/enterprise/api/v1/enterprise-customer/

{"detail":"Invalid token."}

Any suggestions there?