Aeries SIS has developed an API based on the OneRoster® 1.1 specification. OneRoster is a standard for securely exchanging data between student information systems (SIS) and other applications such as Learning Management Systems (LMS). More information is available on the IMS Global website: http://www.imsglobal.org/activity/onerosterlis


By using the OneRoster standard, Aeries can ensure interoperability with other vendors that have implemented or will implement the same standard.


Aeries Public Demo

The public Aeries Demo site is configured with a set of credentials that a vendor can use to test the OneRoster 1.1 API. Please refer to the article on OneRoster API Authentication Process for details.


Aeries Base URL: https://demo.aeries.net/aeries

Client ID: 1279e5c6b747b6d62b7c76db3a205d40eb7458e678a90493d537d5af6b953550

Client Secret: 68019dbf8d8ba82980dd148eecc3977ac0d7f1f040d444225874c88eb80b9c1a


Note: The steps described in this article can only be completed by an Aeries Administrator.


API Security

Giving a vendor access to the Aeries OneRoster API is simple. Before you begin, create an entry for the vendor on the Security | API Security page. Instructions can be found in the API Security article.


After an entry for the vendor has been created, continue to work in the Security | API Security page. First, select the vendor created ("3rd Party Vendor" in this example). You will see Product Information listed for that vendor as shown below.


Select Change and ensure the OneRoster check box is checked to enable the vendor to access the OneRoster API. After checking the box, click the Update button.



After updating, check the box labeled Display Consumer ID & Secret Keys for OneRoster.



Make note of the Consumer ID and Consumer Secret Key that display. The core security of the OneRoster API is different from that of the regular Aeries API. For OneRoster, the vendor will NOT use the Aeries Certificate, but will use the Consumer ID and Secret Key instead.



You will need to provide the 3rd party vendor with three pieces of information:

  1. Aeries URL: This is the base URL for your Aeries Web application.  The website needs to be publicly accessible from outside your local network, it MUST be secured with a digital certificate (HTTPS), and the server MUST support TLS 1.2. If you are uncertain of the base URL, simply browse to your Aeries login page, then copy everything before the last slash (“/”) in the browser’s address bar.
  2. Consumer ID: The string of letters and numbers, exactly as displayed on the API Security page. The vendor may also refer to this as the “Client ID”.
  3. Consumer Secret Key: The string of letters and numbers, exactly as displayed on the API Security page. The vendor may also refer to this as the “Client Secret”.

Note: If your Admin and Teacher Portals are not available externally or if they use Integrated Windows Authentication, then it is best to provide the URL of your Student Portal instead.  The API works the same regardless of the portal type. In the example below, the Aeries URL is https://aeries.mydistrict.org. Make sure to note the case of the URL.


IMPORTANT: Do not share a Consumer ID or Consumer Secret Key with anyone other than the vendor for which it was created. Always create a separate 3rd party product record for each vendor/product that will access the API.  The Consumer ID and Secret Key cannot be changed once they are created.  If they are compromised, the 3rd party product record must be deleted and a new one created.


Permissions

OneRoster API permissions are configured in the same way as permissions for the regular Aeries API. The following is a list of permissions that are needed for the complete set of OneRoster API endpoints that Aeries currently supports. More may be added in the future.

  • Student Data
    • Student Data
  • Gradebook
    • Gradebook Scores
    • Gradebook Category
    • Gradebook Assignment
  • Scheduling
    • Teacher Data
    • Master Schedule
    • Course Data
    • Classes
  • School Information
    • Schools
    • Terms
    • Users


OneRoster Settings


Note: Aeries Hosted customers should contact Aeries Support to have this step completed to ensure that the correct certificate is selected and that the recycling of the Application Pool can be coordinated.

After completing the steps in the above section on API Security, navigate to the School Info | School Options page to see the OneRoster Settings section. While logged in at the District level, click the Edit/Change button to enter Edit mode. Check the box labeled Enable.



The following warning message will display. Click OK to continue.



Note: As the warning message indicates, these settings will not take effect until the Aeries application is restarted in IIS. This can be accomplished by recycling the Application Pool under which Aeries is running or by resetting IIS. This will terminate all active user sessions, which may result in lost work and therefore is recommended to be done outside regular hours.


Click OK to continue. The following options will display.



Public URLEnter the Aeries URL that you determined in a previous step.
Signing CertificateClick the magnifying glass to display a list of available certificates stored on your web server. The Signing Certificate should be set to the valid root CA (Certificate Authority) for your installed SSL certificate.


Note: Make sure to match the case of the Aeries URL exactly, as certain configurations may require this (e.g. https://aeries.mydistrict.org vs https://Aeries.MyDistrict.org). Also, the Public URL must be a Virtual Directory.


Additional Options

There are additional options that apply to both the OneRoster API and the OneRoster CSV extract. Those options are detailed in the OneRoster v1.1 Configuration article here.