...
Boolean. If true, signed backchannel request must include a timestamp to prevent replay attacks. If false, the timestamp can be included and, if present, will be included in the signature validation, but needn't pass a "freshness" check. Default is true.
TBD: When was this added?
signedUrlToLiveMinutes
If checkTimeStampRange is true, timestamps sent on signed backchannel requests must evaluate to a time within this number of minutes (plus or minus) of current server time. Default is 5.
...
When sent by itself (i.e. without formattedCourse and/or sectionCode, this identifier is an ambiguous roster identifier and will be considered an error condition). In pre-2.5.x 0 deployments prior to 2.5.0, it was often sufficient to send only formattedCourse and termCode, but this was dependent v_external_faculty_course uniquely identifying a section using only those two fieldsthat field, which is at odds with usage of those fields that field's usage elsewhere in v_external_faculty_course_roster external_* tables, and is not recommended when using this protocol in 2.5.0+. TBD: The 2nd paragraph in the description is wrong... this is new as of 2.5.0.(It may still be necessary for formatted_course and term_code to uniquely identify a section in those tables, though, in order to support the Early Alert portlet's native roster selection UI.)
studentSchoolId
This is the identifier of a student who is enrolled in the targeted section/roster. This value must match the school_id column in the v_external_faculty_course_roster view for the targeted section/roster, and it must also be consistent with values in external_person.school_id and person.school_id representing this student in the SSP database.
...