This is a discussion rather than technical question.
What are thoughts about adding instructor developed REST API integrations so that they can work with their courses on a programmatic basis? For this discussion, the API LEARN USER is assumed to be the instructor.
My own Pros and Cons include
It makes life easier and encourages innovation for the instructor who is technically savvy and wishes to update courses more efficiently.
1. Lack of logging. To the best of my knowledge, there is no specific log which captures course/user/gradebook manipulation. The access log is of little use to managed host clients and really does not contain enough information to identify "who actually used the external application", "what did they do" and "which integration was used".
2. Bad application code. In general, it's much faster to inadvertently destroy stuff with code than by using a mouse and keyboard. It would be impossible and impractical to try and enforce good coding practices and adequate testing.
3. Instructors who share their REST API credentials with others (course builders, instructors, teaching assistants etc.)
4. Instructors who share code with others. If bad, the problems introduced by the original are magnified. If good, then the recipients may try to change what they don't understand.
5. REST API credentials never expire. This is an extension of instructors who share. In theory and practice, anonymous users can manipulate information long after they are no longer associated with the school and their personal authentications are removed.
Thank you for your thoughts.