© 2018 Capita Business Services Ltd. All rights reserved.
Capita Education Software Solutions is a trading name of Capita Business Services Ltd. Our Registered office is 30 Berners Street, London, W1T 3LR and our registered number is 02299747. Further information about Capita plc can be found in our legal statement.
This option offers web-based access to data in SIMS. Have a look at our web APIs and see if a web integration is right for your product. (Work in Progress)
WIP
All users of web interfaces need their customer (school) to turn on the data exchange to DeX and for RAP / One Roster. At present these require slightly different switches to be be thrown but we are looking to make this a 'One Switch Does All' at some point in time.
Your question to your customer should be 'Have you enabled web data exchange for SIMS?'. If the answer is No or Don't know then TIs would be advised to refer the school to their Local Support Unit asking them to turn this on.
Once data exchange is enabled, then it is enabled for all TIs and for our own internal products and doesn't need to be turned on again.
The second part of the customer journey is for them to choose your application from the Tile Store and grant your application access.
The school chooses available tiles, searches for your application and presses install. They will be prompted for GDPR consent and agreeing will enable your application.
Locally Installed Application Using Web APIs are expected to be the exception rather than the rule and are not covered in this guide. Please contact Partner.Support@educationsoftwaresolutions.uk if you need guidance with this type of solution.
It is essential that the tile is correctly created. Firstly we assume that TIs will create a development application which is only available to the Freemium sand box and/or the bespoke DeX sand box provided under contract. The idea being that the tile is right before it is made public. The process of making it 'public' is actually creating a new tile and setting the correct set of permissions and links. Getting these permissions is critical because they are non-editable at present.
These are expected to be the norm when using web APIs. The TI will have some form of Cloud back end server making the calls to get data from SIMS. This type of configuration puts the TI in control of keys and secrets which can be locked down in key vaults or other appropriately secure container.
This high end security it key because it makes the management of keys which have far reaching consequences securable.
Subject to contract and review with the TI (mainly to ensure that they understand the gravitas of losing these master keys) ESS will provide a master key to a TI.
The master key allows a TI to:
For A Selected Application
Request the set of schools who have authorised that application
For Each School
Request the access credentials for that school and application
The master key is limited to the vendor and their applications and the APIs will return:
This then only requires the addition of the per vendor API manager Key (OCP_APIM key) to enable data access.
The use of the master key removes the need for schools / TIs to use the SIMS ID UI to get keys and cyphers which are easily misread or miskeyed.
Whilst TIs are notified when a school selects their tile by email. This also allows the TI to itterate through their customer list and see which customers they have yet to set up or potentially sell their application to. TIs must ask schools who grant access to them and who do not use the application to turn it off (or do this for them in the TI management UI).
We have made the assumption that T