Skip navigation
All Places > Blackboard Developer Community > Blackboard Learn Developers > Blog

Had a case come in with several questions about the LTI Placement Options. There's certainly many options so I've written this Blog Post in Q& A format for future reference. The definitive documentation is on Cheers!


When creating a LTI TP, what does 'Allow Membership Service Access' mean?

- It allows one to enable names and roles for the integration. Q2 2018 (3400.0.0) included the LTI Names and Roles Provisioning service.


See for the specification.


It appears that once an LTI TP & associated placement is created, and the placement 'Availability' is set to 'Yes', course builders and instructors can access the LTP TP placement _in any course_. Is there a way to make the LTI TP / Placements only show up [for instructors] for a specific course?

- No there is not.


What is the purpose of the LTI TP > Placement > Handle? Does it affect how the LTI 1.0 link is stored in Bb?

- It's a unique handle that you define for your placement. If there's a collision you'll be informed when submitting the form. The handle was useful for Java B2 developers and may be useful with our REST API implementation for managing LTI placements.


What's the difference between a Course Content Tool (no deep linking), and a Course Tool?

- A Course Content Tool can only be placed on a Course Content page. The tool can be used by a student to access TP content. A Course Tool is really meant for the instructor only. However, one can make it available to students, resulting in some very awkward behaviors. If you make a placement a Course Tool, and make it available to both instructors and students, then it will only be available to include as a Tool Link, and will not appear in the Course Tools section of a course. However, if the placement is available only to instructors, then it will appear in the Course Tools drop down. If you want the placement to appear both as in the 'Course Tools' drop-down list and as a Tool Link choice then only make it available to instructors.


How do you make the LTI TP 'Course Tool' placement display in the left-hand nav menu under 'Course Tools'?

- Use the near the upper right of the left-hand nav, select Tool Link, the Type drop-down will have the Course Tool placement you created.


Where does the LTI TP 'System Tool' placement get displayed?

- See
A System tool can be opened without accessing a course. In the Original experience, the tool appears in the Tools menu of the My Institution tab. In the Ultra experience, the tool appears in the Tools base navigation section.

You can also place a System Tool in an Institution Page module.


Where does the LTI TP 'Administrator Tool' placement get displayed?

- On the System Admin page, in the Tools and Utilities section.



Posted by mkauffman Jan 24, 2019

This one is short. If you can't access your AMI, you might check that you're using https:// in your browser address field. We've had reports of being unable to access, http:// won't work.


Example: refused to connect.



Now try: https://bykerk-kauffman.com

Ta Da!


We've had several issues pop up we our support team tries to install a 'new' B2s from 3rd-party vendors onto a SaaS system and they can't upload the B2 into our SaaS B2 library. They can't because the vendor has given the B2 the same vendor ID, handle, and version in the B2 manifest included in the .war file that has already been assigned to a different B2 that has already been loaded onto some other client's SaaS system.


Background: There is a Blackboard B2 Library for SaaS. All B2s are stored there prior to deploying the B2 to SaaS systems. I.E. if I want my B2 with a vendor ID of Kauffman, and a handle (program name) of video-server and a version of 4.0.3 to be deployed to a client’s SaaS system, it first goes into Blackboard’s B2 Library for SaaS.


This single B2 library for SaaS will only allow one version of a vendor’s B2. I.E. If Vendor: kauffman, Handle: video-server, version: 4.0.3 is already in the B2 library, then kauffman-videoserver version 4.0.3 can NOT be assigned to a different build of the B2 for a different client and uploaded into the library.


This means that there can be only ONE version of a given B2 in the library for deployment to SaaS environments. A vendor can NOT develop a client-specific B2 and give the B2 the same vendor ID, handle and version that another client has already installed in SaaS. Each B2 given to Blackboard or a Blackboard SaaS Client MUST have a unique vendor ID, handle, and version value. The best practice for a vendor’s client-unique B2s in SaaS is to make the B2 configurable by the client to set some value that indicates which client it's deployed to, or even better, write the B2 code so it figures out who owns the system it's deployed on. To differentiate, one could also give client-unique versions of a B2 a different version or different program-id, or a different handle though that’s not best practice because it massively increases the number of the ‘same’ B2 in the library and makes it difficult to differentiate which B2 is meant for which SaaS system.

Once in a while a question comes in about where to find information on Behind the Blackboard. For example a case just came in asking if Q4 2018 is out and if so, where to find the download. If you're having difficulty finding information on like this, this brief video shows you how to find answers.


Happy New Year!


Adios PK1 Persistent IDs

Posted by mkauffman Dec 5, 2018

In previous Learn APIs (Java and SOAP) the database Primary Key served as a means of identifying Learn Objects. These Primary Keys, or PK1s, are used internally to the Learn system, but are no longer viable as unique identifiers for the objects bound to that database specific identifier.


As we continue rolling out our REST APIs we're working to improve API reliability and the longevity of applications build using them. Part of that decision is a move away from facilitating API use of PK1s as a means of accessing objects via the database primary key, i.e. the PK1, often referenced as the object's id in our APIs and REST results.


There are many compelling reasons for this decision, including creating a loose coupling between the Learn internal database and external code, thereby avoiding issues that inevitably arise when a system is migrated. Migrating a systems database generates new Primary Keys for the object data migrated, and thus created in the new database - this is a characteristic of databases. We may continue to include PK1s in REST results for Courses and Users for use in requests as a convenience*, but these PK1s should never be used as permanent external identifiers of Learn objects.


One example of this change as several have pointed out, is the difference between the soon-to-be deprecated SOAP and our REST membership endpoints. With SOAP calls to the CourseMembership endpoint returned a CourseMembershipVO that contained a field 'id' which is the PK1/ID. That data point is not available from the REST membership endpoints. This is because we have eliminated the id/PK1 field from the response returned by the REST GET/learn/api/public/v1/courses/{courseId}/users endpoints to meet the above stated goals toward reliability and longevity.


What do you use instead of the PK1?

What may have seemed like a good, solid identifier really is not. The way forward is to start using the different objects' UUIDs as returned in REST requests.


You need to replace any use of PK1 or ID as the unique identifier, whether using SOAP or Java APIs. When migrating your application to using REST APIs you may use a lazy identifier migration. In this model you may add the UUID field to your database and populate as you access those objects at runtime. If your code finds your UUID fields empty when making a Learn access, you use the courseID and userName you have to look up the UUID for the course membership, the UUID for the course, and the UUID for the user and populate those fields. Doing it this way eliminates the need for one mass migration, you get the new data as you go. If you see other creative means forward, please share here.


In summary, now is the time to start moving away from using API functionality that uses a PK1 or Database dependent object IDs and move to using the object’s UUID.


  *Statements regarding our product development initiatives, including new products and future product upgrades, updates or enhancements represent our current intentions, but may be modified, delayed or abandoned without prior notice and there is no assurance that such offering, upgrades, updates or functionality will become available unless and until they have been made generally available to our customers.

Here's a handy URL to have when for some reason the credentials you have for the front-end login to your Learn system don't work.  If you have back end access, this is like having a key hidden under the rock in your back yard. Run the tool and it gives you a one-time login to the front end so you can reset your username/password.


REST API Deprecation Process

Posted by mkauffman Oct 22, 2018

We've had questions come in regarding REST API v1 deprecation. The answers to these questions inline below:



   When it comes to V1 route deprecation what will be process of notifying the V1 route consumers?


   - What will be the notification process?


Deprecation of REST APIs take place only when a new version is released - the deprecation is noted on the API documentation page:



   - How long will it take to completely remove once notified? 


Removal of deprecated REST APIs from product will take place minimally* one year after deprecation is noted in the API documentation.

*In extremely rare cases this removal may take place sooner than one year - if that is the case it will be noted in the above noted documentation.



   - Will the V1 routes be removed from existing BB Learn instance versions?


Deprecated APIs will continue to work with releases prior to the Learn version from which they are removed.


E.G.: API is deprecated in 3300.0 and removed in 3400.0 - the deprecated API will continue to work with all supported Learn versions prior to 3400.0.


   - If not, from which Blackboard instance version upwards will V1 routes be removed and when is it scheduled?



See above.

At the University of South Wales we are currently implementing Grades Journey, for anyone going through the same process you will be concentrating on two key areas of work, provisioning and extraction.


The first task for us was provisioning and successfully connecting to the Grade Journey API is the first stepping stone.



The details on how to use the REST API are available here:



We are interested in generating a MAC code which is passed along with API calls, the documentation tells us how to achieve this:


To properly authenticate users, the trusted system must be able to generate a valid MAC (message authentication code) to send with the SSO request. This MAC is used to determine the integrity of an SSO request. The steps required to generate a secure MAC are as follows:


  1. Sort the parameters API Key, Timestamp alphabetically by parameter name.
  2. Concatenate the parameter values by the sorted parameter names into a single string.
  3. Append the Shared Secret to the string obtained from Step 2.
  4. Encrypt the string into a 16-byte string using the MD5 algorithm.
  5. Convert the 16-byte string into a 32-byte alphanumeric (hexadecimal) string to make it URL-friendly.

Access the Grades Journey Building Block settings / REST API Security Settings (Incoming Data Security) and set the following values:


C Sharp code

A simple example of taking the API Key, Shared Secret and UNIX timestamp in milliseconds and generating a MAC code. In alphabetical order the parameters are:

  • api key
  • timestamp

if you name these differently in the settings then adapt to match accordingly.


* This code has no tests, error checking and sits in the body of the main method but is only for reference


Edit / run this code sample here: - AdorableSlushyIrc


using System;


using System.Security.Cryptography;

using System.Text;

using System.IO;


class MainClass {


  public static void Main (string[] args) {

   // Grades Journey Authorization

   // Example of generating a MAC key 

   // API key and secret are set within the Building Block

   string APIKey = "this_is_your_api_key";

   string secret = "no_one_knows_this";

   int validTimeMS = 10000;

   // Current timestamp in Milliseconds

   string currentTimestamp = DateTimeOffset.Now.ToUnixTimeMilliseconds().ToString();

   string timestampExpiry = (DateTime.Now).AddMilliseconds(validTimeMS).ToString();

   string concactString = string.Concat(APIKey, currentTimestamp, secret);

   // Encrypt

  MD5 md5 = new MD5CryptoServiceProvider();

  UTF8Encoding encoder = new UTF8Encoding();

  Byte[] encodedBytes = md5.ComputeHash(encoder.GetBytes(concactString));

  string MAC = BitConverter.ToString(encodedBytes).Replace("-", "").ToLower();



  Console.WriteLine("MAC: " + MAC);

  Console.WriteLine ("Valid until: " + timestampExpiry);




The outcome is a MAC code that was created at 13:07:05 which is valid for 10 seconds:



MAC: 4ee273df794692bc6e890f4184271878

Valid until: 10/19/2018 13:07:15



You would then use this MAC when calling the gradable items API endpoint to provision grade columns. If the API returns any authentication errors it is possible to access the system logs and view details on the API call and debug the issue. If anyone is interested I can post details on calling the API in another post.



Leave Some Breadcrumbs

Posted by mkauffman Oct 12, 2018

This one is for B2 developers. All of our current supported Learn builds have a left-navigation menu that comes and goes as you shrink and grow the browser window. Try it. Go into a course and shrink the browser window. You'll see the navigation menu disappear. Now grow the browser window and mouse over the left side of the window. You'll see an arrow that lets you make the navigation menu visible again. But, if your B2 is displaying content on the course page, without the bbNG: pageHeader and bbNG:breadcrumbBar tags, the left-navigation menu will disapper and you will not be able to get it back. Unless you reload the page.


This B2 has a sample course tool link which works correctly. GitHub - mark-b-kauffman/bbdn-bblogbackb2: Demo the use of Logback to create log files.


Here's a video demonstration: Dropbox - 2018-10-12_16-08-30.UseBreadcrumbs.KeepTheNavMenu.mp4


Leave some breadcrumbs!


It's Only A Model

Posted by mkauffman Oct 12, 2018

Camelot (it's only a model) - YouTube

Ok, this is not a blog post about silly movies. I'm writing because of a recent occurrence of difficulty noticing/finding a very important piece of our REST API documentation, the .... wait for it.... Model. As described below reading through the API Models can help reduce the number of REST API calls you make and improve your experience with Blackboard Learn REST endpoints in general.


Here we go. When you visit a REST API, you'll see the following Response Example Value.


All well and good. But! There is a lot of important information hiding under the greyed out Model link. See it? When you click on it, you see the following Model!



You really want to read all of that because... way down in the text you'll read:

Since: 3300.9.0

user (


The user associated with the membership.

Shown when adding the query parameter: "expand=user". And can be filtered with the "fields" query parameter, for example "filter=user.uuid,user.externalId".

Which means that you CAN get all of the information you'd like about users in a course when pulling course memberships, without making additional REST calls to the /users endpoint.


Be certain to check out the Models!

The Announcement! -->> Blackboard Deprecates SOAP Web Services


First - our forward looking statement applies to the information presented here*.


I'm writing this blog post because this week in our Blackboard Learn 9.1 Upgrade Cohort we mentioned our intent to announce deprecation of our SOAP Web Services near the end of this year. We also mentioned our intent to remove the SOAP Web Services from Learn within approx. a year of the deprecation announcement. There have been questions, specifically as to what is being deprecated. Here's a brief video giving the details about what will be deprecated: Dropbox - 2018-09-28_10-08-46BbSoapWSintentToDeprecate.mp4 Also, to be clear, the deprecation, and eventual removal, will only impact new versions of Learn – meaning that existing Learn releases will continue to support SOAP Web Services.


Finally, we need developers using SOAP Web Services to review the REST APIs now and contact us with any gaps that prevent them from migrating their SOAP-based application to a REST-based application. Reach out to us at


For additional context see:


*Statements regarding our product development initiatives, including new products and future product upgrades, updates or enhancements represent our current intentions, but may be modified, delayed or abandoned without prior notice and there is no assurance that such offering, upgrades, updates or functionality will become available unless and until they have been made generally available to our customers.

It's been a while, and this needs to be said. A few have asked about surfacing Building Block content in Ultra courses. You can't do that. B2 content can be surfaced in an Original course on an Ultra Nav-enabled system, but not in an Ultra course. The way into Ultra is LTI and REST. These offer advantages over B2 integrations in that you can code in any language, your integration is less dependent on the Learn server, and unlike a B2, the integration doesn't run in the same JVM as the Learn server. So, if you want to integrate with Ultra courses, check out REST , Blackboard's LTI Documentation and Basic Overview of How LTI works | IMS Global Learning Consortium


Not So Private

Posted by mkauffman Aug 13, 2018

By way of introduction, this an article about why you should migrate your B2 integration to LTI &/or REST.  With said, I started writing this article because of several B2 issues that have come up over the past year because of the B2's use of 'private' APIs. What is a private API? Simply stated, it's an API that a B2 can use, but it's not been published in our public Building Block API Documentation. Let's look at an example.


Some developers discovered, and have used this private API:



Our development team moved this Java API, and because it's private, they're under no obligation to inform anyone when they do so, or what they've done with it. Then, because it wasn't so private, B2s that used it fail in newer releases of Learn.


The good news is that we're developing and introducing REST APIs at a rapid pace, based on use case. If you have a use case that our APIs don't cover, you can submit submit your idea here. Our goal is to publish REST APIs that meet a majority of use cases, so you don't need to use a 'not so private' API.

Mark O'Neil, our Senior Product Manager, Developer Platform, and his team have been very busy in the past year! If you haven't been following the changes at Blackboard API Services, I'm writing this to give you a sense of what's new since last year around this time. Looking at our internal release notes and  the Learn SaaS Release Schedule | Blackboard Help I see that 3200.6 was released to client test systems near the end of June last year, and 3400.7 was released to client test on June 12th 2018. Given that, I see that we've released over 4 dozen new REST APIs in that period of time. Since the beginning of this year alone we've release many REST APIs that you will be interested in, including course assessments, LTI, course gradebook categories, and attempts. Head over to Blackboard API Services and check it out. And, a big thanks to Mark O'Neil and team!

Several partners have gotten stuck while attempting to update their Learn license. The help documentation needs an update for Windows. We're working on that.  In the meantime, if you're running Learn on a Windows server and run into issues updating your Learn license, do the following.


First, when updating the license, you need to refer to the section at the very bottom of the help documentation, "Upgrade a license without upgrading Blackboard Learn." Open a command prompt, as Administrator, and use the Blackboard Learn ServiceController script to stop all Blackboard services. Check that they are indeed stopped using the Windows Services control panel. Next, on your Windows server, do the following:


  • Rename the old license file: <path-to-blackboard>\blackboard\config\license\blackboard-license.xml to blackboard-license-OLD.xml
  • Copy the new license file to <path-to-blackboard>\blackboard\config\license\blackboard-license.xml
  • cd into the <path-to-blackboard>\blackboard\system\tooldefs\system\LicenseReplace directory
  • .\run-tool.bat  <path to blackboard>\blackboard\config\license\blackboard-license.xml