Legito API Policy

Legito API Policy


Applications that access the Legito API should adhere to the following principles:

  • Don’t impersonate.
  • Don’t surprise users.
  • Respect the privacy of any information retrieved.
  • Don’t overload users.

Additionally, your applications must adhere to Legito API rate limits (see the API Rate Limits section below).


Don’t Impersonate

  • Your application should not mirror or replicate Legito, or any other organization using Legito.
  • Do not impersonate or facilitate impersonation of others in a manner that can mislead, confuse, or deceive users.
  • End users should understand that your application is integrated with Legito but is an independent resource.
  • You should not remove or alter any proprietary notices in the Legito API.


Don’t Surprise Users

Your application should not…

  • Use the Legito API for different purposes other than what your application states or implies.
  • Confuse or mislead users about the source or purpose of your application.
  • Use business names and/or logos in a manner that can mislead, confuse, or deceive users.
  • Use the Legito API on behalf of any third-party.
  • Facilitate or encourage the publishing of links to malicious or obscene content.

Your service should outline what actions your application will take on the user’s behalf as part of the application registration process.


Respect the Privacy of any Information Retrieved

  • Any user information—including course enrollments, grades, profile information, etc.—retrieved through the Legito API should be considered private information and, in some cases, will be protected by government regulations.
  • Know what information your tool will disclose to the public or to other products and services, and be clear with end users about what information will be disclosed.
  • Do not facilitate or encourage the publishing of private or confidential information.
  • Respect the intellectual property rights of others.


Don’t Overload Users

Legito provides a number of different ways to contact, notify, and inform users of information. Where these methods are exposed in the Legito API, it’s important to monitor how often your application is pushing information to users.

In general, you should try to push information as rarely as possible, both to prevent user annoyance and also to make your pushes more effective.


API Rate Limits

Applications that access the Legito API must not place undue load on Legito servers. Legito has an automatic rate limiting provision that dynamically adjusts as more concurrent and/or expensive requests occur. When the rate limit is exceeded, API requests will fail. Rate limiting is enforced per user access token so that partners who perform requests on behalf of multiple end users will not be throttled per developer access token that they hold.

If an application regularly exceeds the API rate limits or uses a disproportionately large number of high-impact (e.g. non-GET) requests, the access tokens may be revoked, or other measures may be taken to ensure the stability of the system for all users.

If you are concerned about hitting the rate limit, please contact your Customer Success Manager to either adjust your rate limit or seek assistance optimizing your application for lower impact on Legito performance.


Deprecation and API Changes

The Legito API is versioned to allow for future enhancements. Legito strives to deliver a platform that is stable, consistent, and secure so you can confidently build awesome on top of Legito APIs. Legito will add, change, and remove API endpoints and fields from time to time using commercially reasonable efforts to provide communication as indicated in the API documentation.


Modifications to Policy

Legito reserves the right, in its sole discretion, to modify this Legito API Policy at any time. You are responsible for reviewing and becoming familiar with any modifications. Modifications are effective when first posted. To receive notifications about changes to this policy and the Legito API functionality, see the Legito API documentation.

Instructure has no liability to Customer as a result of any change, temporary unavailability, suspension, or termination of access to the API.

Information and notices regarding Legito APIs can be found in the Legito New Releases section.


API Support

Developers on cloud-hosted Legito can submit questions about or issues with the API to the Legito Support team in one of the following ways:

  • Email helpdesk@instructure.com
  • Open the Error Report form and identify any API error you have encountered in Legito

Tickets about the Legito API will be handled following the same service-level agreement that applies to any other ticket from a given institution.