Note: The below applies to all new releases created after 1st December 2022. Releases made before this date will still be using our legacy forwarding service for xAPI statements.
This forwarding service will be maintained until January 2024, at which point it will be switched off. This will require action prior to this date in order to keep receiving this data.
|
Elucidat uses the xAPI standard to send learner information related to a course directly to your LMS, LRS or other destination of your choice. As this information is sent in xAPI statements directly from the course itself, there are a few things you need to check are in place to avoid any issues and make sure the statements make it to the intended destination. We would expect most of this to be in place already if using a hosted or SaaS solution for your LRS/LMS.
Volume
For those using our legacy forwarding services on older releases, the forwarding performed by Elucidat may have acted as a “buffer” for large amounts of data. For destinations that are unable to cope with a large amount of statements reaching them all at once, this would have eased the load on the destination.
Whether you are new to using xAPI, or you used to use our legacy service, we’d recommend evaluating the audience for some of your larger courses, and adequately sizing your LRS or other infrastructure (e.g. ingestion processes), or talking to your provider, to make sure they can cope with the volume of statements you are likely to receive. It may be wise to set up a test course as per Setting up TinCan mode for working with an LRS and perform some initial testing to get a feel for the amount of statements you will receive.
Network Setup
As xAPI statements are sent directly from the browser, there are technical considerations to make sure your LMS or LRS can receive them.
For any destination, the following CORS headers need to be in place. We’d expect a SaaS LRS to have these in place already, but speak to your provider or IT team to make sure that these are, or can be, put in place before you start using xAPI tracking.
access-control-allow-headers:
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,
X-Experience-Api-Version
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: *
Statement Format
You’ll also want to make sure that the destination can handle multiple statements being sent as a list, as opposed to just one statement at a time. Most hosted destinations should already be able to cope with this, but some bespoke/in-house systems may not be set up for this format.
Security
xAPI statements can contain Personally Identifiable Information, so we’d always advise using security best practices at the destination.
- Make sure the credentials used by the course for your LRS/other destination have the least amount of privilege (for example, don’t use the credentials for an admin user of your LRS).
- Credentials for the destination should be of sufficient complexity.
- The destination used for receiving xAPI statements should not be used for other purposes.
- The destination address must use SSL (i.e. should be an HTTPS address).
Summary
If you’re using a hosted/SaaS LRS or LMS, most of the above considerations should already be taken care of for you. You can always send this page to your provider to make sure everything is in place if you are unsure.
For bespoke or in-house solutions, pay careful attention to the security best practices outlined, make sure the relevant CORS headers are in place, and make sure your systems can handle the volume of statements you’ll be receiving.
With a little preparation, xAPI tracking can be a really useful tool that augments standard SCORM tracking in your LMS.
If there are any questions on the above, please don’t hesitate to get in touch with your Customer Success Manager or contact support@elucidat.com where we will be happy to help answer any questions you may have.