API Gateway

Developing a secure API filter

I built a secure way to access and filter the Brightspace API.

Brightspace is a password-protected Learning Management System (LMS) developed by D2L. Its purpose is for the administration, tracking, reporting, and delivery of educational courses. Brightspace has an API for third-party integrations, however, it often allows the third-party to access to more data than an organization would like to provide such as student information.

To solve this problem, I developed a serverless API gateway paired with Azure Key Vault.

Instead of using the Brightspace API endpoints, connect to my endpoints. A serverless function was created for each Brightspace API endpoint and secured with KeyVault and ADFS. The Brightspace administrator could now filter what information gets sent to the API user without giving direct access to the Brightspace API.

This API gateway is used by the Brightspace Link Checker third-party integration that I developed.