Hello,
I wanted to document something I found while trying to automate the Canvas course Accessibility report scans:
After checking the Network tab under Chrome's DevTools, I found that pressing the "Update Report" button does not call a normal Canvas API route under /api/v1/. Instead, it calls an internal Canvas route directly at POST /courses/{course_id}/accessibility/course_scan.
This POST request starts the accessibility scan, but it needs to be used with a Canvas CSRF token.
A GET request to the same route can be used to check the current status of the scan and doesn't seem to require the CSRF token.
This finding allowed me to build a Tampermonkey script that can go through a list of courses and automatically "click" the "Update Report" button, allowing the scan to start.
I'm sharing this in case anyone else is trying to automate Accessibility report scans in bulk.
The script attached includes all of the code necessary for this bulk scan. Once imported into Tampermonkey, it will add a gear icon to the left navbar of Canvas pages that allows the user to access the tool.
