Has anyone had any success with using Qualtrics to call secure APIs without API keys or is there a way to hide API keys from form editors? We are attempting to integrate Qualtrics with our custom Student Information System restful API using the implicit grant flow of Oauth 2.0. We aren't comfortable adding secret keys to Qualtrics forms our editors would be able to see and potentially abuse (accidentally removing authentication, ect). We could build a custom javascript function that sends the client to our Authorization server to get an access token onLoad, that is then used to set an embedded field that is sent to the (API) Resource server as a bearer header. This custom javascript function would be very volatile to Qualtrics updates. - Another option may be to use our existing federation (SAML) to generate access_tokens.
Already have an account? Login
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.
Sorry, our virus scanner detected that this file isn't safe to download.
