Scopes
What Are Scopes?
In Xporter, scopes are like permission sets that determine what specific types of data your application can access from a school's system. Think of them as filters or keys that control what data you can see or use. Scopes are important because they make sure your app only has access to the data it needs, rather than everything the school holds, ensuring security and privacy are maintained.
When a school is invited to share its data with your app, you need to request certain scopes depending on the data your app requires. For example, if your app tracks attendance, you would request the "Attendance" scope. If it also needs assessment results, you would include the "AssessmentResults" scope. Each scope corresponds to a different set of data that Xporter can provide from the school's Management Information System (MIS).
Why Are Scopes Important?
-
Security and Privacy: Schools only share the data that is necessary for your app, helping to protect sensitive information. This also supports compliance with regulations like GDPR, which require careful handling of personal data.
-
Customised Access: Different apps might need different kinds of data. Scopes let each app request access only to the areas it needs. For example, an app for managing student behaviour would request different scopes than one focused on academic performance.
How Scopes Work in Practice
When a school authorises your app to access its data, the school reviews the requested scopes. They can choose to approve or reject these scopes, which gives the school control over what data is shared. Schools can also configure how they share this data by choosing specific groups (like all students, or only certain ones) or by selecting individual data fields.
Once a school agrees to share certain scopes, your app can start making requests for that data using the Xporter API. If you later decide your app needs access to more data, such as adding a new feature that requires additional information, you can ask the school to authorise new scopes. If they agree, Xporter will issue a new schoolSecret to reflect the updated data permissions.
A Practical Example
Imagine you're developing a mobile app for teachers to track student attendance. To access the attendance records, you would request the "Attendance" scope. After the school reviews and approves the request, your app will be able to pull attendance data from the school's system. However, if your app doesn't need assessment results, those won't be included in your access because they are controlled by a different scope.
In summary, scopes help control and manage what data your application can access in a simple and secure way. They ensure that only the necessary data is available to your app whilst protecting privacy.
Full list of scopes with associated fields
| Scope Name | Category | Description |
|---|---|---|
| Address | Students | Access to addresses |
| AgencyAgent | Students and Agents | Access to data relating to agencies and agents. Additional scopes required depending on the agency / agent. |
| AgencyAgentOther | Students and Agents | Grants access to agency and agent information that is neither medical nor social services. Could contain sensitive information. |
| Applications | Students | Access to applications and additional information about applicants |
| AssessmentResults | Students | Access to assessment results for students |
| Attendance | Students | Access to attendance summary and session/lesson attendance marks |
| Cashless | Students | Cashless topups, Balances and transactions, for cashless caterers calling the SchoolMoney or WisePay API (CAPI) |
| Conduct | Students | Access to student behaviour and achievement records |
| ConductComments | Students | Access to comments linked to student behaviour and achievement records |
| Contact | Contacts | Access to student parental contacts and their basic details (names, contact details) |
| ContactFreeText | Contacts | |
| ContactGender | Contacts | Access to gender information of a parental contact |
| DietaryNeeds | Students | Access to dietary needs (including allergies) of students |
| EmbargoedExamsResults | Students | Access to exam results, INCLUDING results that are embargoed for students |
| EmergeForWeb | Scope used for Emerge Web Queries | |
| EmergeViaXod | (Deprecated) Xpressions via XoD | |
| EndpointInfo | School | Access to Xporter agent information and school connectivity check updates |
| ExamsResults | Students | Access to exam results that aren't embargoed for students |
| FundingMonitoring | Students | Access to data regarding funding and monitoring (FAM) |
| NHSNumber | Students | Permits extraction of NHS Number |
| ParentalConsents | Students | Consent to pull list of things parents have consented to |
| Photos | Students,Staff | Access to photos |
| Post16Study | Students | Access to data regarding post-16 study |
| SEN | Students | Access to student SEN provision information |
| SENEHCP | Students | Acces to student Education, Health and Care Plans |
| SENEvents | Students | Access to student SEN events and their related persons |
| SENReviews | Students | Access to student SEN reviews |
| SENStatements | Students | Access to student SEN statements |
| SENTypes | Students | Access to student SEN provision and specific needs |
| School | School | Access to structural school information such as groups, timetable & assessment structure |
| SchoolLite | School | Access to structural school information such as groups & headteacher contact details |
| SocialServices | Students | Grants access to sensitive data relating to social services |
| Staff | Staff | Access to basic staff details (names & work contact details) |
| StaffAbsence | Staff | Access to staff absence statistics and associated documents |
| StaffAddress | Staff | Access to staff home addresses |
| StaffChecks | Staff | Access to staff check records |
| StaffContractual | Staff | Access to staff contractual employment information |
| StaffDisability | Staff | Staff disabilities |
| StaffEmployment | Staff | Access to basic staff employment information |
| StaffEthnicity | Staff | Access to staff ethnicity data (Explicit authorisation required for GDPR compliance) |
| StaffExtended | Staff | Access to staff gender, extended name information & date of birth |
| StaffFinancial | Staff | Access to staff financial details including salaries, allowances and payroll information |
| StaffFreeText | Staff | Access to free text about a staff that may contain sensitive data such as documents and comments |
| StaffLite | Staff | Access to basic staff details (names & work contact details) |
| StaffNextOfKin | Staff | Access to next of kin information about staff member |
| StaffPersonalContact | Staff | Access to staff home contact details |
| StaffQualifications | Staff | Access to staff qualification records |
| StaffReligion | Staff | Access to staff religion data |
| Student | Students | Access to basic student details (names, gender and enrolment details) |
| StudentAlternativeProvision | Students | Access to information about alternative provisions for students, including some free text that relates to the provision |
| StudentDeceased | Students | Access to information related to deceased students |
| StudentDemographic | Students | Access to language and language proficiency information |
| StudentDetentions | Students | Access to data relating to student detentions |
| StudentEthnicity | Students | Access to student ethnicity data |
| StudentExclusions | Students | Access to student exclusions information |
| StudentExtended | Students | Access to extended student information (Additional identifiers, extended name data) |
| StudentFamily | Students | Access to details relating to student family arrangements including service child and in care flags |
| StudentFreeText | Students | Access to free text about a student that may contain sensitive data such as quick notes, documents and User Defined Fields |
| StudentFunding | Students | Access to student additional funding indicators |
| StudentGenderIdentity | Access to sensitive gender identity information for students | |
| StudentHistory | Students | Access to extended student records including historic data |
| StudentInterventions | Enables access to interventions and related student records | |
| StudentLite | Students | Access to basic student details (names, gender) |
| StudentMeals | Students | Access to student meal choices |
| StudentMedical | Students | Access to medical records relating to students |
| StudentPregnancy | Students | Access to student pregnancy flags |
| StudentReligion | Students | Access to student religion data |
| StudentSchoolHistory | Students | Access to student school enrolment history including previously attended establishments |
| ThreeYearHistory | Students,Staff,Contacts | Permits all historical data relating to persons in the three academic years previous to the current academic year |
| UPN | Students | Access to student UPN and former UPN data |
| WritebackAssessment | Writeback | Writeback assessment results and comments |
| WritebackAttendance | Writeback | Writeback session and lesson attendance marks & comments |
| WritebackConduct | Writeback | Writeback behaviour and achievements records |
| WritebackPhotos | Writeback | Writeback student, staff and contact photos to XoD |