The following article is designed to give iiQ administrators a step-by-step guide on configuring Aeries in order for Incident IQ to access Aeries data through the OneRoster API. This includes:
- Creating a record in Aeries for iiQ
- Setting the appropriate permissions in Aeries
- Configuring the OneRoster API
Not what you were looking for? Perhaps one of these other guides will help:
- Installing the Aeries SIS Integration – A guide that provides step-by-step instructions on how to install the Aeries integration in Incident IQ.
- Managing the Aeries SIS Integration – A guide that provides step-by-step instructions on how to manage the Aeries integration in Incident IQ.
- Managing Incident IQ Apps – A guide designed to provide a brief overview of Incident IQ Apps
and how to access app management.
Creating an Incident IQ Record in Aeries
Aeries SIS contains an integrated API system. An “API” is an Application Programming Interface. It allows outside systems (such as Incident IQ) to call functions inside of Aeries to perform actions like getting data out or changing information. First, you will need to access the API Security page in the Security node of the navigation menu. This page allows you to create and manage 3rd party product records and permissions.
Accessing the API Security page as an Aeries administrator allows you to Add, Change, and Delete records for 3rd party products. Click Add and enter in Incident IQ as only the product name is required. You will also need to check the box for OneRoster so that iiQ can access OneRoster data. Click the Insert button to save the record.
After saving the record, check the box to Display Certificate Details. Make note of the Certificate value that displays followed by checking the box to Display Consumer ID & Secret Keys for OneRoster.
Setting Aeries Permissions
After creating a 3rd party product record for Incident IQ, you can grant appropriate permissions to various tables and program areas within Aeries. There are two types of API permissions available through the API: Read and Update. Read permissions only allow Aeries data to be retrieved via the API but not modified. Update permissions allow Aeries data to be modified via the API. Currently, Incident IQ does not support write-back functionality and as such will only need the read permissions for the following:
- Student Data
- Student Data
- Teacher Data
- Master Schedule
- Course Data
- School Information
To grant a permission, click the box next to the appropriate table/program area under the Read column, and the box will become checked with a green background. To remove a permission, click the box again, and the checkmark and green background will go away. There is no “Save” button for API permissions. Changes are saved immediately as you click the various boxes.
After an entry for 3rd Party Vendor record for Incident IQ has been created, continue to work in the Security | API Security page. First, select the vendor created (“3rd Party Vendor” in this example). You will see Product Information listed for that vendor as shown below.
Select Change and ensure the OneRoster checkbox is checked to enable the vendor to access the OneRoster API. After checking the box, click the Update button.
After updating, check the box labeled Display Consumer ID & Secret Keys for OneRoster.
Make note of the Consumer ID and Consumer Secret Key that display. The core security of the OneRoster API is different from that of the regular Aeries API. For OneRoster, the vendor will NOT use the Aeries Certificate, but will use the Consumer ID and Secret Key instead.
When installing the Aeries app in Incident IQ you will need to make note of the following pieces of information:
- Aeries URL: This is the base URL for your Aeries Web application. The website needs to be publicly accessible from outside your local network, and it is HIGHLY recommended that it be secured with an SSL certificate (HTTPS). Simply browse to your Aeries login page, then copy everything before the last slash (“/”) in the browser’s address bar. An example Aeries URL looks something like this: https://aeries.mydistrict.org. If your Admin and Teacher Portals are not available externally or if they use Integrated Windows Authentication, then it is best to provide the URL of your Student Portal instead. The API works the same regardless of the portal type.
API Certificate (for regular Aeries API): Using this unique string provides security for the Aeries API against unauthorized access. A sample Certificate is highlighted below for illustrative purposes only. Each Certificate will be different.
Consumer Secret Key: This is one piece of information that the vendor will require for OAuth 2.0 authentication, as described in the OneRoster API Authentication article. A sample Consumer Secret Key is highlighted below for illustrative purposes only. Each Consumer Secret Key will be different.
IMPORTANT: Do not share a Certificate, Consumer ID, or Consumer Secret Key with anyone other than someone from Incident IQ. These credentials cannot be changed once they are created in Aeries. If credentials are compromised, the Aeries Incident IQ record must be deleted and recreated.
Once you have your vendor record created, permissions assigned, as well as your district’s Aeries URL, API certificate, and Consumer ID, you can now install the Aeries app.