Moodle is aware that a part of the teaching and learning experience of our users happens through integration partners. As makers of open source software, we believe that one of our strengths is openness to pair Moodle with what best suits your needs. If your training is based on peer learning and you need the best-in-breed for exactly that, an open architecture lets you connect your tool of choice.
Our Certified Integrations Program is our effort to ensure the quality and compatibility of third-party integrations with our products. Before we welcome any tool into our Certified Integrations family, we follow a rigorous process to ensure that the integrations meet our standards for user experience, reliability, security and performance.
We evaluate the following different aspects of an integration.
User experience
Our user experience (UX) review process involves evaluating aspects such as interface design, navigation flow, accessibility, and overall usability. By conducting thorough UX reviews, we ensure that the integration provides an intuitive and engaging experience for end users, enhancing their satisfaction and productivity. We also ensure that the tool’s design choices coexist in harmony with the user experience that Moodle provides.
In addition to certifying them, we also provide continuous support to ensure the ongoing compatibility and reliability between Moodle and the partnering tool.
Coding standards
When an integration is accomplished by means of a custom plugin, there is not only the user experience and accessibility to validate, but we also look closely at the code of the integration itself.
We use the publicly available plugin contribution checklist, to provide detailed feedback aimed at enhancing the quality of the plugin. Through different peer reviews and rigorous evaluation, we offer valuable insights and recommendations to ensure that the plugin meets the highest standards of performance, security and data management.
Note that our plugin guardians also demand that the most basic security items are correctly carried out before accepting any plugin to the Plugin Directory. However, when we certify an integration, we validate a greater range of aspects, plus generally demand careful contemplation of Moodle’s coding guidelines.
We’d like to highlight the five most common errors we encounter during our Certified Integrations plugin reviews in order to showcase our work with some examples. This is about to get technical for the following 5 numbered items; you can directly check the section on Business practice for more information.
1. Privacy
In order to inform about all the personal data that the plugin processes, Privacy API should be implemented. See the documentation for more information
2. Third party libraries
All additional files contained in the plugin ZIP package (such as third-party libraries used by the plugin) should be defined in the thirdpartylibs.xml. The link below shows the correct format. https://moodledev.io/docs/apis/commonfiles#thirdpartylibsxml
3. User input
As an application, you cannot trust any input from users and simply run, as it may include code. It is not recommended to access $_GET, $_POST or $_REQUEST directly. Instead, clean up the input using optional_param or required_param with an appropriate PARAM_… type.
4. Cross-DB compatibility
To make the plugin cross-database compatible, it is necessary to avoid DB engine-specific syntax. It is recommended to use the Moodle data manipulation API to avoid problems, which is often overlooked.
More specifically, the use of database engine-specific functions in SQL queries is not recommended.
5. Database security
In order to prevent SQL injection, always use data placeholders in your queries (? or :named) to pass data from users into the queries.
Our documentation contains more information on coding best practices for plugins.
Business practice
Certified Integrations connect to tools and services that go to market in a number of different formats. We also try to make sure that we promote tools that we believe will remain in the market for the foreseeable future. This is obviously very hard to assess, but by making sure that the company behind the Certified Integration has good business practices and a certain size and life in their achievements, we can estimate the ability of the company to survive, grow and help your teaching experience thrive with them.
Support process
As part of our support process, we offer detailed assistance to the development team by providing feedback to achieve a high-quality codebase. This feedback encompasses various aspects of the plugin, including code structure, functionality, user experience, and adherence to coding standards. We also actively contribute to the improvement of the codebase by providing code snippets, suggesting optimisations, and addressing any identified issues. Our goal is to collaborate closely with the team to enhance the overall quality and performance of the plugin.
Testing
We perform extensive testing to confirm the integration’s compatibility across different versions of Moodle, as well as across various operating systems, browsers, and devices. The plugin must seamlessly function with all current official Moodle releases in order to be certified, which is the same high standard that we apply to our own code.
In summary, Moodle Certified Integrations are the culmination of a meticulous quality assurance process designed to guarantee the reliability, security, and performance of third-party integrations. By adhering to strict standards and conducting comprehensive testing, we ensure that certified integrations deliver a seamless experience for Moodle users.
