Remove X-EdX-Api-Key usage

[asadali145]

Description/Context

Open edX is going to remove the support of X-EdX-Api-Key header. Currently, we are using the X-EdX-Api-Key and token authentication both in our client. As per the initial R&D, we can safely remove the usage of X-EdX-Api-Key and our apps would still work as we use the token authentication in our Apps.

Usages:

• edx-api-client/edx_api/client.py

  Line 47 in 6195349

  "X-EdX-Api-Key": self.credentials.get("api_key"),

  and the related tests.

Acceptance Criteria:

• Usage of X-EdX-Api-Key is removed safely without an impact on the existing functionality.
• Update docs if needed.

Related tickets

mitodl/mitxpro#2872
mitodl/mitxonline#2102

[arslanashraf7]

@mudassir-hafeez Could you take a look at this before mitodl/mitxpro#2872? These two are associated issues and we should work on this one before the xPRO one.

[mudassir-hafeez]

@pdpinch
After conducting some R&D and testing various endpoints of the edx-api-client (along with xpro), I've discovered a potential impact on the deactivate_enrollment API for non-staff users if the EdX-Api-Key is removed.

• It seems the edx-platform does not update enrollment (i.e. deactivation) for non-staff users without the X-EdX-Api-Key and raises error, even though it is deprecated, and allows them unless users have staff privileges or an EdX-Api-Key is set.
• The following Xpro features/management commands would be impacted if EdX-Api-Key usage is removed:
  • defer_enrollment
  • refund_enrollment
  • transfer_enrollment
• Some similar features exist in mitxonline, which are subject to the same impact.

I suggest we wait until EdX completely removes the usage of EdX-Api-Key from edx-platform. After that, we can address any necessary fixes or adjustments.

[pdpinch]

What is the open edx community plan for addressing this? I thought we had already switched mitxonline to use a staff user for enrollments already, so we could the invitation_only setting.

[arslanashraf7]

In addition to @pdpinch 's comment, Here are some thoughts from my end:

1. I agree with Peter, We did shift the enrollments to invite only we now use staff tokens to enroll users through API.

Some questions:

1. Do we still use EdX-Api-Key while enrolling users through the staff token?
2. If Yes, Does the enrollment work If we remove it?
3. If enrollments are working without EdX-Api-Key and the unenrollments are being performed on behalf of the user's token, can we use the staff token in unenrollment as well?

If we can perform unenroll with staff token and without EdX-Api-Key, I think we won't need to worry what edX doesn't with API key.

I'd also like to note that the impact of any changes we make in edx-api-client would not be limited to MIT xPRO, It would also touch MITx Online since that uses the same client for API calls to edX.

[asadali145]

Update

We(Me, Muddassir, and Arslan) discussed the enrollments. Here are the notes of the discussion and steps forward:

• We already moved to the forced enrollments using the staff user and enabled the invitation-only flag for the course enrollments in xPro and MITx Online.
• Enrollments are created using the staff user but we found that unenrollment is using the EdX-Api-Key and the user token. Arslan has suggested that we use the staff user for the unenrollments as well (Which should be easy to do).

Next Steps

• Use staff user for the unenrollments
• Remove EdX-Api-Key

CC: @pdpinch @arslanashraf7 @mudassir-hafeez

[mudassir-hafeez]

Closing #103 as PR #104 and related PRs (mitodl/mitxpro#2982 and mitodl/mitxonline#2217) have been deployed to production.