Welcome to the Panopto Community

Please note: All new registrants to the Panopto Community Forum must be approved by a forum moderator or admin. As such, if you navigate to a feature that is members-only, you may receive an error page if your registration has not yet been approved. We apologize for any inconvenience and are approving new members as quickly as possible.

Copying LMS groups to internal ones

The problem I'm trying to solve is deleting courses from our LMS but maintaining the permissions on the course folder. Once a course is deleted, its permissions groups lose all their users, so I'd like to copy those users to an internal group with the same access rights.

First of all, is this not possible with the REST API? I do not see a way to get group membership. I can use /api/v1/folders/{id}/permissions to find the groups on a course folder but the Group API only contains a search endpoint which also does not show group membership. So even if I was able to find who was in a group, I could not create one.

Is copying a group possible with the SOAP API? Support pointed me to the Group type, but from its properties, I still do not see a way to access its membership. What SOAP classes would I need? Folder::GetAccessibleChildFolders, FolderAccessDetails, Group, GroupAccessDetails?

Lastly, I'm more familiar with REST APIs, and haven't worked with SOAP in a long time. If there are general pointers for how to use the Panopto SOAP APIs, I would appreciate them. I know there is a sample repo but it is smaller and less well-documented than the REST API examples. I prefer to work in Python but other languages are ok, too.


Best Answer

  • Options
    Kevin BaumKevin Baum Panopto Employee
    Answer ✓

    Hi Eric,

    You are correct that Panopto's REST API does not currently have an endpoint to get a list of users in a particular group. You can use our SOAP API to get group members and create a new group with those members.

    To get a list of members in a group, you can call the IUserManagement.GetUsersInGroup endpoint. Once you have the list of members, you can use the IUserManagement.CreateInternalGroup endpoint to create a new group, and add the users you previously retrieved using the IUserManagement.AddMembersToInternalGroup endpoint.

    Once all of the members have been added, you can call the IAccessManagement.GrantGroupAccessToFolder endpoint to allow the new group viewer or creator access to the folder.

    We do have another SOAP sample using Python on our public GitHub page that includes a wrapper for Panopto's SOAP API. Please look at the python-soap project to see if that can help you get started.

    I hope that this helps. Please let me know if you have any other questions.




  • Options

    Well I see that IUserManagement has a method GetUsersInGroup and IAccessManagement seems to be the way to give a user access to a folder or add them to a group. So with those interfaces, what I want to do should be possible with the SOAP API.

  • Options

    @Kevin Baum After some initial attempts, I cannot seem to authenticate with the SOAP API. We do not use Panopto internal accounts but unified Moodle/SSO accounts. A comment in the Python SOAP example says "password of admin user on Panopto server. Only required if external provider does not have a bounce page." Our SSO has a bounce page, so a password should not be necessary. See below; the SOAP client is working because the unauthenticated call works but the auth does not. I've tried:

    • prefixing the userkey with the providername plus a slash "sso.cca.edu\\ephetteplace"
    • passing just the username without a provider prefix
    • providername = "sso.cca.edu", "unified", and our LMS IDP (with it's different app key)
    • setting "Password": None in the AuthenticationInfo dict
    • UTF-8 versus latin-1 encoding in the hash digest

    I also tried against our staging server which does allow password authentication but that still did not work. In an example like the below but using Panopto internal accounts, it's unclear to me what the application key would be, because the panoptointernal IDP does not have one, it lists a provider ID which I tried but that did not work. I would really like a concrete example of SOAP authentication that works in python 3, considers provider name, etc. because something seems to be left out.


    import hashlib

    from pysimplesoap.client import SoapClient

    def generateauthcode(userkey, servername, sharedSecret):

    payload = userkey + "@" + servername

    signedPayload = payload + "|" + sharedSecret

    m = hashlib.sha1()


    authcode = m.hexdigest().upper()

    return authcode

    userkey = "ephetteplace"

    providername = "sso.cca.edu"

    applicationkey = "SECRET"

    servername = "ccarts.hosted.panopto.com"

    auth_client = SoapClient(

    wsdl="https://" + servername + "/Panopto/PublicAPI/4.2/Auth.svc?wsdl"


    print("Server version:", auth_client.GetServerVersion()) # works

    user_client = SoapClient(

    wsdl="https://" + servername + "/Panopto/PublicAPI/4.6/UserManagement.svc?wsdl"


    authcode = generateauthcode(f"{providername}\\{userkey}", servername, applicationkey)

    AuthenticationInfo = {"AuthCode": authcode, "UserKey": userkey}

    # does not work, "Unable to authenticate the user."

    print("get user", user_client.GetUserByKey(auth=AuthenticationInfo, userKey=userkey))

  • Options
    Kevin BaumKevin Baum Panopto Employee

    Hi Eric,

    I will need some additional information on the user and ID Provider you are using in order to continue to look into this for you. Would you please open a ticket with Panopto Support, so that we can get some additional information?

    Please let me know if you have any questions.



Sign In or Register to comment.