Authenticate to the OneRoster 1.2 provider endpoint using OAuth 2.0 client credentials to obtain an access token
On first run, perform a full sync: GET /ims/oneroster/rostering/v1p2/orgs, /classes, /enrollments, /users with pagination, storing the maximum dateLastModified value encountered as your sync cursor
On subsequent runs, GET each resource collection with a filter parameter: filter=dateLastModified>'{lastSyncTimestamp}' using ISO 8601 format to retrieve only records changed since the last sync
Process returned objects: insert new records (where the sourcedId does not exist locally), update changed records, and remove records where status='tobedeleted'
For each processed object, update your local store's dateLastModified index to detect future changes accurately
Advance the sync cursor to the current run's start timestamp (captured before the first request) to avoid missing objects updated during the sync window
Known gotchas
Not all OneRoster 1.2 providers implement the filter parameter on dateLastModified — some return a 400 or silently ignore the filter and return all records; test filter support against the specific provider before relying on delta sync behavior
Using the end-of-run timestamp as the next cursor (rather than start-of-run) risks missing objects updated during the sync window if the run takes more than a few seconds — always capture the cursor timestamp before the first API call
Status='tobedeleted' is the OneRoster mechanism for soft deletion; providers are not required to permanently remove objects, so your local store must check this field on every object in every delta response, not just net-new records
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp