Post back results to my server


I'm hoping to create h5p assessment content and embed it in website.  Once a user submits a response, I'd like to be able to record whether they get an answer correct or not.  Is there a secure way to do this?  And, I'm not looking for a full solution, just whether this is possible and a link or two to get started.

Thanks so much!

BV52's picture

Hi kreut,

H5P emits data in the form of xAPI statements and you will need a plugin or custom code to listen to these statements and a data store such as a learning record store to save them in. 

I highly recommend looking through these documentation:


Those resources are super helpful, thank you for "turning on the lights".  And, after taking a look through both, I have a few more big picture follow-up questions.

1.  In your first link, it looks like I can just use:

 H5P.externalDispatcher.on('xAPI', function (event) {  console.log(;});

to see what the results of the submission was.  However, in the same link, it says:

"You can't embed H5P from an external site and use JavaScript on your own site to track what the learner does within the H5P content. The example code here only works if the content and the code is hosted on the same site."

This makes sense to me because of the use of an iframe in presenting the H5P.  So, assuming that I install H5P on my own site, I'll be able to use the javascript code from above, correct?

2.  Is using a "Learning Record Store" necessary? If my use case is to just see whether a question was submitted correctly or not, can I just save the information that I get in the javascript call from above to my own database and (possibly) do my own integration with an LMS using LTI? Or am I missing the boat on what exactly a Learning Record Store is?

Thanks again!

otacke's picture

Hi Kreut!

You're correct with #1. You cannot listen to xAPI statements from inside the iframe if it doesn't have the same site origin an the surrounding evironmemt. You'd have to implement some custom post-messaging system (ideally using some encryption, because xAPI statements may contain private data). Not that complicated, but maybe not a good idea either.

An LRS is not a gradebook, and xAPI is not intended to keep track of scores, although it can. It's way more. Maybe this post holds some relevant information:



Thanks so much for the comment!  And, after a bunch of googling I actually had found out about postMessage which I've implemented.  However, I hadn't thought about the encryption piece and it's given me some more food for thought.

otacke's picture

You'd definitely want encryption and/or an HTTP Feature Policy that prevents others from embedding these contents. Otherwise, anyone could retrieve the xAPI data.

Will do!

Thanks again...