Course Marketplace Architecture Pack

Engineers building a course marketplace often start with a clean slate: a REST API for courses, a database for enrollments, and a React frontend. It works beautifully in isolation. Then a vendor drops a SCORM 2004 package, or an enterprise client demands LTI Advantage integration, and the architecture cracks. You're no longer building a product; you're maintaining a legacy integration layer. You end up writing custom parsers for every standard, guessing at JSON structures for xAPI statements, and hoping your privacy filters actually comply with FERPA. We've seen teams spend weeks reverse-engineering LTI launch flows because they treated interoperability standards as "nice-to-have" add-ons instead of foundational architecture. The result is a fragile codebase where every new content vendor requires a custom middleware patch.

The "zoo" of EdTech standards is the silent killer of marketplace velocity. SCORM 1.2 and SCORM 2004 have different runtime environments. xAPI (Experience API) and cmi5 both track learning, but they use different data models. LTI 1.1 is a legacy handshake; LTI Advantage is a modern OAuth 2.0 flow. When you try to support all of them with custom code, you introduce JSON schema drift. A vendor updates their package, your parser chokes, and suddenly your LMS integration is broken. If you're also looking to set up the LMS environment for your users, you'll find that a broken marketplace API makes the entire onboarding experience fall apart.

The Hidden Cost of "Rolling Your Own" Standards

When you ignore the interoperability matrix, the bill comes due in three places: engineering hours, student trust, and compliance risk.

• Engineering Drag: Every new content vendor brings a different standard. If you don't have a unified intake pipeline, your team spends 20-40 hours per vendor just mapping JSON schemas and debugging LTI JWT validation ^[8]. This is dead time where you aren't shipping features. You're reading RFCs instead of building your product.
• Student Friction: A broken xAPI endpoint means a learner completes a 4-hour simulation, hits "Finish," and the system records zero progress. You lose the sale, and the student loses trust. If you're also building an adaptive learning engine, this friction compounds because the spaced repetition algorithm can't schedule reviews without accurate completion data. Your students expect their progress to persist across devices; a missing xAPI statement breaks that promise.
• Compliance Exposure: EdTech platforms handle sensitive student data. If your architecture doesn't bake in privacy-by-design, you're liable. Guidance from the Department of Education emphasizes that third-party tools must meet strict data handling requirements to protect student privacy ^[3]. If your marketplace leaks PII because you didn't enforce privacy-level mapping in your LTI deployment, you're looking at FERPA violations. And if you're handling accessibility, you need to ensure your platform meets WCAG 2.2 AA requirements, or you risk ADA Title II non-compliance. The legal and reputational cost of a privacy breach or accessibility lawsuit far outweighs the cost of building it right the first time.

A Marketplace That Tried to Skip the Standards

Imagine a team launching a B2B course marketplace for corporate training. They build a sleek frontend and a Node.js backend. They decide to support "all major standards" by writing custom middleware. They treat SCORM, xAPI, and LTI as optional modules.

For SCORM, they write a basic SCO tracker that only handles cmi.core.score.raw. For xAPI, they guess the Actor/Verb/Object structure and hope the LRS accepts it. For LTI, they hardcode OAuth client IDs and skip the nonce validation, assuming it's just a formality.

Three months in, a major vendor submits a cmi5 package. Your custom SCORM tracker chokes on it because cmi5 uses a different launch flow. The xAPI statements arrive with non-standard verbs, breaking your analytics dashboard. The LTI launch fails because the privacy-level mapping doesn't match the institution's LMS requirements, and the student is locked out.

The team scrambles. They realize that xAPI is actually designed to transfer data about activities across platforms, not just track simple course completion ^[1]. They also discover that LTI is a technical standard meant to connect tools without login overhead, not a product you can hack together ^[6]. They had to rewrite the entire ingestion layer, delaying launch by six weeks and burning through their runway. They could have saved months by using a structured workflow for course creation that included interoperability from day one. Instead, they spent their runway fighting the standards they should have been leveraging.

What Changes When You Install the Pack

Once the Course Marketplace Architecture Pack is in your repo, the ambiguity disappears. You stop guessing and start shipping.

• Interoperability is Solved: You get a production OpenAPI 3.1 spec that covers course catalog, enrollment, xAPI ingestion, and LTI Advantage launches. Your frontend and backend sign the same contract. No more "it works on my machine" integration failures.
• Compliance is Automated: The Spectral ruleset enforces WCAG 2.2 headers and privacy field requirements on every API call. If a course package misses accessibility metadata, the CI/CD gate blocks it before it hits production. You don't need a legal team to review every API response; the tool does it for you.
• LTI Works Out of the Box: The Kubernetes deployment manifest for LTI Advantage includes OAuth 2.0/JWT validation and SCORM/xAPI proxy routing. You can onboard institutional LMS partners in hours, not weeks. The lti-deployment.yaml handles the heavy lifting of ConfigMap management and privacy-level mapping, so you don't have to reinvent the wheel.
• Data Integrity: The course manifest schema aligns with SCORM 2004 runtime and xAPI structures, guaranteeing that course packages from different vendors behave identically in your environment. This is critical if you're planning to add digital credentialing to your marketplace, as your credentialing system needs to ingest and validate course data without custom mapping.
• CI/CD Gates: The validate-package.sh script and tests/run-validation.sh harness ensure that every submission passes schema validation, spectral linting, and accessibility checks. You can enforce these gates in your pipeline, so bad data never reaches your users.

If you're building a multi-vendor platform, the multi-vendor marketplace architecture complements this by handling payment splits and vendor isolation, while this pack handles the content delivery layer. For teams focused on personalized learning, integrating a learning analytics dashboard becomes seamless because your data is already structured and standardized.

What's in the Course Marketplace Architecture Pack

• skill.md — Orchestrator: defines the end-to-end workflow for designing a scalable course marketplace, includes interoperability decision matrix (SCORM/xAPI/LTI/cmi5), compliance gates (WCAG 2.2/ADA Title II), and references all supporting templates, validators, scripts, and examples.
• templates/openapi-edtech.yaml — Production OpenAPI 3.1 specification for marketplace APIs covering course catalog, enrollment lifecycle, xAPI statement ingestion, LTI Advantage launch endpoints, and WCAG compliance headers.
• templates/lti-deployment.yaml — Kubernetes deployment manifest + ConfigMap for LTI Advantage service, including OAuth 2.0/JWT validation, SCORM/xAPI proxy routing, and privacy-level mapping for institutional LMS integration.
• templates/course-manifest.schema.json — JSON Schema for course package metadata, aligned with SCORM 2004 runtime environment and xAPI Actor/Verb/Object structures to guarantee cross-platform interoperability.
• references/edtech-standards.md — Canonical knowledge base: detailed comparison of SCORM, xAPI, LTI Advantage, cmi5, and OneRoster; interoperability patterns; FERPA/GDPR data privacy requirements; and a decision matrix for standard selection.
• references/accessibility-compliance.md — WCAG 2.2 AA requirements, ADA Title II & Section 508 mandates, multi-modal content delivery patterns, pause/review compliance, and automated accessibility testing integration for EdTech platforms.
• scripts/validate-package.sh — Executable workflow: extracts course package archives, validates manifest against JSON Schema, checks for required accessibility metadata and xAPI/SCORM markers, and outputs structured pass/fail reports.
• validators/spectral-edtech.yaml — Spectral ruleset enforcing EdTech API constraints: required xAPI endpoints, LTI launch schema validation, mandatory WCAG compliance headers, and strict privacy field enforcement.
• tests/run-validation.sh — Test harness: orchestrates schema validation, spectral linting, and accessibility checks; exits non-zero on any failure to enforce CI/CD gates for marketplace submissions.
• examples/course-manifest.json — Production-grade example course manifest demonstrating xAPI/SCORM hybrid metadata, accessibility tags, LTI deployment hooks, and compliance markers.
• examples/lti-advantage-config.json — Realistic LTI Advantage configuration example with OAuth 2.0 client credentials, placement settings, privacy level mapping, and SCORM/xAPI proxy routing rules.

Stop Guessing, Start Shipping

Building a course marketplace is hard enough without fighting interoperability standards. Upgrade to Pro to install the Course Marketplace Architecture Pack and ship with confidence. The pack gives you the technical foundation to handle SCORM, xAPI, LTI, and compliance out of the box, so you can focus on building the features that make your marketplace unique. If you need to extend the platform with cohort-based learning or adaptive curriculums, this pack ensures your core architecture is robust enough to support it.