moodle-external-api-development

Create custom external web service APIs for Moodle LMS. Use when implementing web services for course management, user tracking, quiz operations, or custom plugin functionality. Covers parameter validation, database operations, error handling, service registration, and Moodle coding standards.

Moodle External API Development - A Complete Guide to Developing Custom Web Services for Moodle

Skills Overview

This is a skill specifically designed for Moodle LMS developers, providing a complete solution for creating custom external Web Service APIs, covering end-to-end best practices from parameter validation to service registration.

Applicable Scenarios

  • Developing Custom Interfaces for Moodle Plugins: When you need to create external APIs for local or course module plugins, this skill helps you quickly build external functions that comply with Moodle standards. It supports REST interfaces for various business scenarios such as course management, user data synchronization, and grade lookups.

  • Building a Backend for a Mobile Application: If you are building a mobile application based on Moodle, this skill offers a complete plan for creating backend APIs. It includes implementations for common interfaces such as user authentication, course data retrieval, quiz submission, and grade lookup, as well as integration guidance with Moodle Mobile Services.

  • Integrating Third-Party Systems: When you need to connect Moodle with external systems (such as HR systems, ERP, or data analytics platforms), you can use this skill to create secure data exchange interfaces. It covers security best practices such as parameter validation, permission checks, and SQL injection prevention.

Core Features

  • Implementing the Three-Method Architecture Pattern: Strictly follow Moodle external API framework requirements by implementing the three core methods: execute_parameters(), execute(), and execute_returns(). Provides complete parameter type definitions (PARAM_INT, PARAM_TEXT, PARAM_BOOL, etc.) and return structure configuration examples (external_value, external_single_structure, external_multiple_structure).

  • Secure Development Standards: Includes a full security check workflow: parameter validation (validate_parameters), context validation (validate_context), capability checks (require_capability), and SQL injection protection. Provides best-practice code examples for transaction management, error logging, and exception handling.

  • Service Registration and Testing: Explains in detail how to write the services.php configuration file, including key parameters such as classname, methodname, type, ajax, capabilities, and more. Offers three testing methods: Moodle Web Services test client, cURL command line, and JavaScript AJAX calls.

Frequently Asked Questions

How do I create a custom web service in a Moodle plugin?

Creating a Moodle custom web service involves the following steps:

  • Create an API class file in the plugin’s classes/external/ directory, inheriting from the external_api base class

  • Implement the three required methods: execute_parameters() to define parameters, execute() to implement business logic, and execute_returns() to define return values

  • Register the service in db/services.php, specifying class name, method name, capability requirements, etc.

  • After clearing the cache, you can call it via REST or AJAX

The class file must use the correct namespace (e.g., local_yourplugin\external) and include the security check defined('MOODLE_INTERNAL') || die().

How do I fix a “Function not found” error in Moodle web services?

“Function not found” is the most common error. Follow these steps to resolve it:

  • Clear cache: Go to Site administration > Development > Purge all caches

  • Check services.php: Confirm that the function name, class name, and namespace match exactly

  • Verify file path: The file path referenced by classpath must exist and be readable

  • Check namespace: The namespace of the class file must match the classname specified in services.php

  • Confirm protocol is enabled: In Site administration > Plugins > Web services > Manage protocols, enable the REST protocol

If the issue persists, enable debugging mode (Site administration > Development > Debugging) to view detailed error information.
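
A registration entry that lines up with the name checks above, as an added example (not the skill's own code). The plugin local_yourplugin, the function name local_yourplugin_get_notes and the class get_notes are hypothetical.

```php
<?php
// Added example: local/yourplugin/db/services.php (hypothetical plugin and names).
defined('MOODLE_INTERNAL') || die();

$functions = [
    // The array key is the function name callers send (wsfunction=... over REST).
    'local_yourplugin_get_notes' => [
        // Fully qualified class name: namespace local_yourplugin\external plus the
        // class get_notes, autoloaded from classes/external/get_notes.php.
        // Namespace, class name and file name have to agree exactly.
        'classname'    => 'local_yourplugin\external\get_notes',
        'methodname'   => 'execute',
        'description'  => 'Return the notes of one user in one course.',
        'type'         => 'read',   // 'read' or 'write'
        'ajax'         => true,     // also callable through Moodle's AJAX endpoint
        // Informational only: access is enforced by require_capability() inside
        // execute(), not by this key.
        'capabilities' => 'moodle/course:view',
    ],
];
```

Moodle reads db/services.php when a plugin is installed or upgraded, so a new or renamed entry needs a version bump in the plugin's version.php and an upgrade run in addition to the cache purge.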

How does a Moodle external API perform permission checks and prevent SQL injection?

Moodle external API permission checks and security protection:

Permission check flow:

    // Runs inside execute(), after validate_parameters().
    global $USER;

    // 1. Get the course context and validate it
    $context = \context_course::instance($courseid);
    self::validate_context($context);

    // 2. Check capability
    require_capability('moodle/course:view', $context);

    // 3. Require an additional capability when the request targets another user
    if ($userid != $USER->id) {
        require_capability('moodle/course:viewhiddenactivities', $context);
    }

Preventing SQL injection:

  • Always use parameterized queries with :paramname placeholders

  • Do not concatenate user input into SQL strings

  • Use Moodle database APIs such as get_record(), get_records_sql(), insert_record(), etc.

  • All input parameters must be validated first via validate_parameters()

Error handling:

Use try-catch blocks to catch exceptions, record detailed logs (including the SQL query and stack trace), and then rethrow the exception so it can be handled by higher layers.
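
The three-method class with the permission flow and a parameterized query put together, as an added example that is not the skill's own code. The plugin local_yourplugin, the class get_notes and the table local_yourplugin_notes (columns id, courseid, userid, note) are hypothetical; the core_external class names assume Moodle 4.2 or later.

```php
<?php
// Added example; local_yourplugin, get_notes and {local_yourplugin_notes} are hypothetical.
namespace local_yourplugin\external;

defined('MOODLE_INTERNAL') || die();

use core_external\external_api; // Moodle 4.2+; older releases use the global \external_api.
use core_external\external_function_parameters;
use core_external\external_multiple_structure;
use core_external\external_single_structure;
use core_external\external_value;

class get_notes extends external_api {
    public static function execute_parameters(): external_function_parameters {
        return new external_function_parameters([
            'courseid' => new external_value(PARAM_INT, 'Course id'),
            'userid'   => new external_value(PARAM_INT, 'User whose notes are read'),
        ]);
    }

    public static function execute(int $courseid, int $userid): array {
        global $DB, $USER;
        // Clean and type-check the input first; only the validated copy is used below.
        $params = self::validate_parameters(self::execute_parameters(),
            ['courseid' => $courseid, 'userid' => $userid]);
        $context = \context_course::instance($params['courseid']);
        self::validate_context($context);
        require_capability('moodle/course:view', $context);
        if ($params['userid'] != $USER->id) {
            // Another user's rows need the additional capability.
            require_capability('moodle/course:viewhiddenactivities', $context);
        }

        // Named placeholders: caller input never becomes part of the SQL text.
        $rows = $DB->get_records_sql(
            'SELECT id, note FROM {local_yourplugin_notes}
              WHERE courseid = :courseid AND userid = :userid',
            ['courseid' => $params['courseid'], 'userid' => $params['userid']]);
        return array_values(array_map(
            fn($r) => ['id' => (int) $r->id, 'note' => $r->note], $rows));
    }

    public static function execute_returns(): external_multiple_structure {
        return new external_multiple_structure(new external_single_structure([
            'id'   => new external_value(PARAM_INT, 'Note id'),
            'note' => new external_value(PARAM_TEXT, 'Note text'),
        ]));
    }
}
```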