Main Concepts
You need to understand what the following objects mean before you start the integration.
-
Test Attempt: This is AutoProctor's basic "unit of storage". Every proctored test maps on to a test attempt. For example, if you have 5 candidates and each of them attempts 2 separate tests, these correspond to 10 different test attempts.
-
testAttemptId
: Each test attempt is identified by a uniquetestAttemptId
. This is the ID according to your system, as stored in your database. If you are integrating AutoProctor, you must already have some quizzing/online testing software enabled at your end. So, whatever unique identifier you use to track the different attempts is what you will pass as a parameter -
hashedTestAttemptId
: This is a critical concept and most developers trip up in implementing this. So, get this right! Let's understand the motivation for this: most REST API requests happen between backends. So, the API key plays the role of ensuring there is security. If your API key is compromised, the server cannot know it isn't you who is making the request.As the AutoProctor SDK is a frontend library, the
CLIENT_SECRET
cannot be exposed. What you will do instead is: On your backend, compute the SHA 256 hash of an object (say thetestAttemptId
) and pass it along with the object itself. We know yourCLIENT_SECRET
and so we can compute the same hash on our backend and authenticate you.