Authenticate using OAuth 1.0a (OneRoster 1.1) or OAuth 2.0 client credentials (as supported by the vendor) to obtain a bearer token
Retrieve all organizations with GET /ims/oneroster/v1p1/orgs to map school sourcedIds to human-readable names
Fetch all classes with GET /ims/oneroster/v1p1/classes, using the limit and offset query parameters to paginate through large result sets
Retrieve enrollments with GET /ims/oneroster/v1p1/enrollments to link users to classes; filter by classSourcedId or schoolSourcedId if supported
Cross-reference users via GET /ims/oneroster/v1p1/users to resolve student and teacher profiles using their sourcedId as the stable identifier
Known gotchas
OneRoster sourcedIds are the canonical stable identifiers; do not use displayName or username as join keys because those can change
Deleted records have a status field set to 'tobedeleted' rather than being removed from the response; your sync logic must check this field and tombstone the corresponding records locally
Not all vendors implement the full OneRoster 1.1 surface; some omit endpoints like /academicSessions or /gradingPeriods. Test against your specific vendor's conformance certificate before relying on those endpoints
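The sync steps and the first two gotchas above, as an added example that is not part of the original page or any vendor's code: it pages with limit and offset, joins on sourcedId only, and tombstones 'tobedeleted' records locally so a removed enrollment does not keep granting access. The `fake_get` transport, the sample records, the OneRoster 1.1 JSON shape they follow and the choice to also deactivate enrollments of a deleted user are assumptions; a real client would send an authenticated GET instead.

```python
# Added example: constructed data, no network access.
SAMPLE = {  # constructed records in the OneRoster 1.1 JSON shape (assumed)
    "/ims/oneroster/v1p1/users": ("users", [
        {"sourcedId": "u1", "status": "active", "username": "ada"},
        {"sourcedId": "u2", "status": "tobedeleted", "username": "bob"},
        {"sourcedId": "u3", "status": "active", "username": "cy"},
    ]),
    "/ims/oneroster/v1p1/enrollments": ("enrollments", [
        {"sourcedId": "e1", "status": "active",
         "user": {"sourcedId": "u1"}, "class": {"sourcedId": "c1"}},
        {"sourcedId": "e2", "status": "tobedeleted",
         "user": {"sourcedId": "u3"}, "class": {"sourcedId": "c1"}},
        {"sourcedId": "e3", "status": "active",
         "user": {"sourcedId": "u2"}, "class": {"sourcedId": "c1"}},
    ]),
}

def fake_get(path, limit, offset):
    """Hypothetical stand-in for an authenticated GET with limit/offset."""
    key, rows = SAMPLE[path]
    return {key: rows[offset:offset + limit]}

def fetch_all(get, path, key, limit=2):
    """Page with limit/offset until a short (or empty) page ends the set."""
    rows, offset = [], 0
    while True:
        page = get(path, limit, offset).get(key, [])
        rows.extend(page)
        if len(page) < limit:
            return rows
        offset += limit

def sync_roster(get, local):
    """Update local {enrollment sourcedId: record}; return newly tombstoned ids."""
    users = fetch_all(get, "/ims/oneroster/v1p1/users", "users")
    dead_users = {u["sourcedId"] for u in users if u["status"] == "tobedeleted"}
    tombstoned = []
    for e in fetch_all(get, "/ims/oneroster/v1p1/enrollments", "enrollments"):
        eid, uid = e["sourcedId"], e["user"]["sourcedId"]
        # Assumption: an enrollment whose user is being deleted is inactive too.
        active = e["status"] != "tobedeleted" and uid not in dead_users
        if not active and local.get(eid, {}).get("active"):
            tombstoned.append(eid)
        # Keep the row as a tombstone instead of dropping it, keyed by sourcedId.
        local[eid] = {"user": uid, "class": e["class"]["sourcedId"], "active": active}
    return sorted(tombstoned)
```
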