OneRoster Provisioning

PATH: System Administration > Learning Interoperability > OneRoster Provisioning

The OneRoster Provisioning tool allows users to create credentials for third-party programs to retrieve Campus data through the OneRoster API.

Creating Vendor Credentials in the OneRoster Tool

Access to this tool is granted only to users who have a Product Security Role to the Student Information System.

Creating a OneRoster Vendor Record

Adding an OneRoster vendor record creates a set of credentials that a third-party program can use to retrieve Campus data through the OneRoster API.

  1. Click New to create a new credential record.
  2. Enter a Vendor Name.
  3. Enter a Purpose describing why this connection was made.
  4. Enter a Consumer Key following the hard-coded prefix.
  5. Modify the Token Expiration Date if desired. Do not exceed 13 months from the current date.
  6. Leave the Status as Active.
  7. Click Save to finish. Additional fields display and are populated when the record is saved.


It is the districts responsibility to communicate the Key, Secret, and URLs to the third-party system. See the OneRoster API for more information that may be useful to send.

OneRoster Vendor Fields

Client EnabledIndicates if this set of vendor credentials is currently enabled.
Vendor NameThe name of the vendor who is being given credentials to access Campus data.
PurposeThe reason this connection was made.
Consumer Key

The username of the vendor account. Campus auto-populates the first 8 characters before the underscore based on the site in which the credentials are generated. The district-defined portion of this field can be whatever is meaningful for the district, but Campus recommends including the name of the vendor.

When sharing this information with the vendor, include both the Campus-generated prefix and the district-defined portion.

Consumer Secret

The password of the vendor account. This password is a randomly generated character string and displays as hidden (****) by default.

Show Secret TextMarking this checkbox displays the alphanumeric characters of the Consumer Secret.
Campus User Account Name

The username attached to the vendor that is used in Campus. This username is created to provide a Modified By ID for tracking changes made in Campus.

This user is a dummy account only; tool rights and other account information cannot be edited.

Token Expiration Date

The date that the vendor's current credentials expire. This value should not exceed 13 months in the future.

Valid Days

The calculated days between the Expiration Date and the current date.


Indicates if the vendor access is Active or Revoked.

Setting the Status to Revoked prevents any further communication between the third-party system and Campus. When a token is revoked and the record is saved, the Secret is deleted, the Enabled checkbox is unmarked, and all fields become read-only.

Select Renew to reinstate a revoked record, change the status to Active and make any updates.

OneRoster API URLs

These URLs are to be sent to the third-party program to use for retrieving Campus data.


The base URL for accessing the API. This URL provides links to the OneRoster Specifications and the REST Documentation Client.

Below those links is a list of URLs for all available API Endpoints with a brief description for each. Most of the endpoints represent GET actions to retrieve data from Campus, with the exception of passing back posted grade information.

The second URL in this section (ending in "v1p1") refers to the pre-released version 1.1 of the IMS OneRoster Specification, which is currently being finalized. This URL can be shared with the third-party system to prepare for these specifications being finalized.

Rest Documentation ClientThe URL for accessing the REST documentation client, which documents the API and allows users to review endpoints and retrieved data.

Renewing a OneRoster Vendor

Clicking Renew re-establishes the vendor record, updating the necessary fields to make the record active:

Connections List Status Indicators

The Connections List includes three colored status indicators. The logic for these indicators is as follows:

  1. Green if Client Enabled is marked, red if not.
  2. Green if Token Information > Status is Active, red if Revoked. The first indicator is also red when the Status is Revoked. 
  3. Green if Token Expiration Date is after the current date, red if it is the current date or before.