The following article gives iiQ administrators a step-by-step guide on configuring Aeries for Incident IQ to access Aeries data through the OneRoster API. This includes:
Creating a record in Aeries for iiQ
Setting the appropriate permissions in Aeries
Configuring the OneRoster API
Creating an Incident IQ Record in Aeries
Aeries SIS contains an integrated API system. An “API” is an Application Programming Interface. It allows external systems (such as Incident IQ) to call functions inside Aeries to perform actions like getting data out or changing information. First, you will need to access the API Security page in the Security node of the navigation menu. This page allows you to create and manage 3rd party product records and permissions.
Accessing the API Security page as an Aeries administrator allows you to Add, Change, and Delete records for 3rd party products. Click Add and enter Incident IQ as only the product name is required. You will also need to check the box for OneRoster so that iiQ can access OneRoster data. Click the Insert button to save the record.
After saving the record, check the box to Display Certificate Details. Make a note of the Certificate value, followed by checking the box to Display Consumer ID & Secret Keys for OneRoster.
Setting Aeries Permissions
After creating a 3rd party product record for Incident IQ, you can grant appropriate permissions to various tables and program areas within Aeries. Two API permissions are available through the API: Read and Update. Read permissions allow Aeries data to be retrieved via the API but not modified. Update permissions allow Aeries data to be changed via the API. Currently, Incident IQ does not support write-back functionality and, as such, will only need the read permissions for the following:
Student Data
Student Data
Scheduling
Teacher Data
Master Schedule
Course Data
Classes
School Information
Schools
Terms
Users
To grant permission, click the box next to the appropriate table/program area under the Read column, and the box will become checked with a green background. To remove a permission, click the box again, and the checkmark and green background will disappear. There is no “Save” button for API permissions. Changes are saved immediately as you click the various boxes.
API Setup
After an entry for 3rd Party Vendor record for Incident IQ has been created, continue to work on the Security | API Security page. First, select the vendor created (“3rd Party Vendor” in this example). You will see Product Information listed for that vendor as shown below.
Select Change and ensure the OneRoster checkbox is checked to enable the vendor to access the OneRoster API. After reviewing the box, click the Update button.
After updating, check the box labeled Display Consumer ID & Secret Keys for OneRoster.
Note the Consumer ID and Consumer Secret Key that are displayed. The core security of the OneRoster API is different from that of the regular Aeries API. For OneRoster, the vendor will NOT use the Aeries Certificate but the Consumer ID and Secret Key instead.
When installing the Aeries app in Incident IQ, you will need to make a note of the following pieces of information:
Aeries URL: This is the base URL for your Aeries Web application. The website must be publicly accessible from outside your local network, and it is HIGHLY recommended to be secured with an SSL certificate (HTTPS). Browse your Aeries login page, then copy everything before the last slash (“/”) in the browser’s address bar. An example Aeries URL looks something like this: https://aeries.mydistrict.org. If your Admin and Teacher Portals are not available externally or if they use Integrated Windows Authentication, then it is best to provide the URL of your Student Portal instead. The API works the same regardless of the portal type.
API Certificate (for regular Aeries API): Using this unique string provides security for the Aeries API against unauthorized access. A sample Certificate is highlighted below for illustrative purposes only. Each Certificate will be different.
Consumer Secret Key: This is one piece of information that the vendor will require for OAuth 2.0 authentication, as described in the OneRoster API Authentication article. A sample Consumer Secret Key is highlighted below for illustrative purposes only. Each Consumer Secret Key will be different.
Do not share a Certificate, Consumer ID, or Consumer Secret Key with anyone other than someone from Incident IQ. These credentials cannot be changed once they are created in Aeries. The Aeries Incident IQ record must be deleted and recreated if credentials are compromised.
Once you have your vendor record created, permissions assigned, and your district’s Aeries URL, API certificate, and Consumer ID, you can install the Aeries.
---
Hannah Bailey - Director, Customer Engagement









