CMI5

Introduction

How to make your LMS CMI5 compliant

CMI5 is the new generation of SCORM. It defines a set of statements that CMI5 contents must record, as well as a packaging format and a launch mechanism.

If you want to make you LMS CMI5 compliant, you have a few options:

Developing an internal LRS for your LMS
Using an external LRS and developing a LRS proxy on your LMS
Making a custom integration with an external LRS

All these options have their own benefits and drawbacks. However, the 3rd one requires less development on the LMS side and delegates more responsabilities to the LRS.

LMS integration with TRAX LRS

TRAX LRS provides all you need for make a robust integration with your LMS in order to support CMI5:

A token delivery API that your LMS will use during the launch process,
A secured endpoint to let CMI5 contents communicate directly with the LRS, without LMS proxy,
The standard API which can be used by the LMS to get back the CMI5 data.

Token Delivery API

How it works

In order to get access to the token delivery API, your LMS must have the Create CMI5 tokens permission in TRAX LRS.

To know the endpoint of the token delivery API, get the LMS access endpoint, and replace xapi/std by xapi/cmi5/tokens at the end of the URL.

The API has a single GET method which takes 3 mandatory parameters.

Parameter	Description
activity_id	The ID of the CMI5 activity (IRI).
agent	The agent launching the CMI5 activity (JSON encoded).
origin	The content host that will be used in CORS policy.

The API returns a JSON document with the endpoint and token that must be used by the CMI5 content.

{
    "endpoint": "http://lrsdev.test/trax/api/48a85a15-b742-4ab4-b7ec-4e48d77b8f24/xapi/std",
    "token": "NTJlY2FhNzItYmFjOS00NWVhLWJlYjItMzczMTMwNWMyZTdiOjNhZDQ2YWIwLTIwY2EtNDZjNS1iY2RlLWQxMTVjNWVmOGM2NQ==",
}

Managing the tokens lifetime

The CMI5 tokens lifetime is set to 60 minutes by default. You can change this value in your .env file.

CMI5_TOKEN_LIFETIME=60

The following command must be ran on a regular basis to remove the expired tokens. We recommend to setup a CRON job.

php artisan cmi5:cleanup-tokens

Secured Endpoints

TRAX LRS provides specific endpoints for the CMI5 contents, with a set of security rules applying on the standard APIs.

Statement API

Trying to post a voiding statement will return a 403 error.
Trying to post statements with an actor that does not match with the learner agent will return a 403 error.
When getting statements, the agent filter will be ignored and only statements with an actor that matches with the learner agent will be returned.

State API

Trying to get a state from an agent that does not match with the learner agent will return a 403 error.
Trying to get a state from an activity that does not match with the CMI5 activity id will return a 403 error.

Activity Profile API

There is no restriction on this API.

Agent Profile API

Trying to get an agent profile from an agent that does not match with the learner agent will return a 403 error.

Activity API

There is no restriction on this API.

Agent API

This API is not available to the CMI5 contents. Trying to get an agent will return a 403 error.

Getting Back CMI5 Data

On demand

At any time, your LMS may need to know the status for a given learner and CMI5 content, for example to display this status on the launching page.

This can be achieved with the GET method of the standard Statement API and the following parameters:

Parameter	Description
agent	The agent launching the CMI5 activity (JSON encoded).
activity	The ID of the CMI5 activity (IRI).
registration	The registration ID (UUID).

On a regular basis

If you want to build some reporting features in your LMS, you need to get CMI5 data in an efficient way. For example, you could use a CRON job to get all the recent CMI5 data from the LRS and store it in the LMS database.