Learning Pool Learning Record Store (LRS) includes built-in (Launch Server) functionality that enables you to securely launch learning content with the ADL xAPI Launch Method.
The method ensures that the key and secret for your LRS aren’t exposed to learners who could potentially use those details to store and retrieve records about themselves and other learners. Instead, content is launched with a one-time access token which expires and prevents learners from storing or retrieving records for which they shouldn’t have access.
This launch method is not supported by all Learning Providers, however, it is supported out-of-the-box in the Learning Pool Learning Experience Platform (LXP) and can be supported with the xAPI Launch Link plugin in Moodle and Totara. This method is also not supported by all Learning Authoring Tools, however, it is supported out-of-the-box by Learning Pool Authoring and it is possible to create a wrapper script in the Learning Provider that ensures all xAPI enabled content uses this method (as we have done in the LP LXP).
How does it work?
Here’s how the Launch Server interacts with learning providers, content, and the Learning Record Store:
The process works like this:
1. The user navigates to the Learning Provider’s URL for the content.
2. The Learning Provider creates the launch.
3. The Learning Provider redirects the user to the content with a token.
4. The content initializes the launch with the token.
5. The content uses the xAPI using the launch details.
6. The content terminates the launch with the token.
Supporting the Launch Method in your Learning Provider
If you’re able to modify your Learning Provider directly or with plugins, you can add support for the ADL xAPI Launch Method to make use of this Launch Server Functionality with the LP LRS using the steps below. For a full code example, you can go to the link below.
https://github.com/LearningLocker/xapi-demos/tree/master/adl-launch
Step 2. The Learning Provider creates the launch.
After the user navigates to your Learning Provider’s URL for the content, you’ll need to send a HTTP request like the one below to your LP LRS. The [SESSION_ID] is yours to define, it’s typically a UUID. The [BASE64_BASIC_AUTH] can be acquired from the Settings > Clients page in the LRS on any client.
POST https://your-lrs.learninglocker.net/api/launchr/session/[SESSION_ID]/launch
Authorization: Basic [BASE64_BASIC_AUTH]
Content-Type: application/json
{
“statement”: { “actor”: { “mbox”: “mailto:test@example.org” }},
“ttl”: 10000
}
Step 3. The Learning Provider redirects the user to the content with a token.
From the HTTP request above, you’ll receive a JSON response with a “key” property containing [YOUR_LAUNCH_KEY]. This will allow you to redirect your learner to the content with a new URL like the one below that contains the URL parameters necessary for the content to use the ADL xAPI Launch Method. Note that the “xAPILaunchService” URL Parameter needs to be URL encoded.
Supporting the Launch Method in your Learning Content
If you’re able to modify your Learning Content, you can add support for the ADL xAPI Launch Method to make use of this Launch Server Functionality with the LP LRS using the steps below. Make sure to read the section above detailing how the URL parameters will be used by the Learning Provider to provide the Launch Server details. For a full code example, you can go to the link below.
https://github.com/LearningLocker/xapi-demos/tree/master/adl-launch
Step 4. The content initialises the launch with the token.
Firstly, we need to get the Launch Server details from the URL parameters and initialise the launch with the token as seen in the example code below, this will allow us to retrieve the details to communicate with the LRS via the xAPI through the Launch Server.
const urlParams = new URLSearchParams(document.location.search);
const launchServerEndpoint = urlParams.get('xAPILaunchService');
const launchServerKey = urlParams.get('xAPILaunchKey');
const initialisationResponse = await fetch(`${launchServerEndpoint}launch/${launchServerKey}`, {
method: 'POST',
mode: 'cors',
});
const launch = await initialisationResponse.json();
const launchEndpoint = launch.endpoint;
const launchActor = launch.actor;
Step 5. The content uses the xAPI using the launch details.
With the endpoint and actor details acquired above, we can now create our xAPI statement and use the xAPI via the Launcher Server.
const xapiStatement = {
"actor": launchActor,
"verb": { "id": "http://activitystrea.ms/schema/1.0/access" },
"object": { "id": "http://www.example.org/activity" }
};
await fetch(`${launchEndpoint}statements`, {
body: JSON.stringify(xapiStatement),
headers: {
'content-type': 'application/json',
'x-experience-api-version': '1.0.0',
},
method: 'POST',
mode: 'cors',
});
Step 6. The content terminates the launch with the token.
Whilst the token will expire based on the time-to-live (TTL) provided previously when the Learning Provider created the Launch, it’s recommended that you terminate the launch once the learner has finished using the content to any additional use of the token. You can achieve this with the following code.
await fetch(`${launchServerEndpoint}launch/${launchServerKey}/terminate`, {
method: 'POST',
mode: 'cors',
});