Skip to content
Open the app

The event feed

Developers2 min read

If your institution already publishes events as a calendar feed, First Six can pull them in rather than asking staff to re-enter them. You host a standard iCalendar feed; First Six reads it.

What you provide

A single iCalendar (.ics) URL over HTTPS that lists your events. Standard VEVENT fields are read:

  • UID, SUMMARY, DTSTART, DTEND, LOCATION, DESCRIPTION
  • All-day events (a date-only DTSTART)
  • Recurring events via RRULE, with EXDATE exclusions honoured

Recurring events are expanded forward a bounded number of weeks, so a weekly series shows up as individual occurrences. Each occurrence is de-duplicated by its UID plus its date, so re-syncing updates events in place rather than duplicating them.

How it runs

  1. Configure the feed

    The feed URL is set per institution. Staff can run a sync manually from the console (including a dry-run to preview what would change).

  2. It also syncs automatically

    Enabled feeds are picked up on a schedule, so events stay current without anyone pressing a button.

  3. Outcomes are recorded

    Each sync reports what was added, updated, archived, and skipped, and the run is logged.

The fetch is hardened against SSRF

Because First Six fetches a URL you supply, the fetch is locked down: HTTPS only, public hosts only (private and link-local ranges are refused), redirects are limited and re-validated, and there are timeout and size caps on the download. Host the feed on a normal public HTTPS endpoint and it'll work; point it at an internal address and it won't.

Limits to design for

  • HTTPS, public host. Internal-only URLs are rejected by design.
  • Size and time caps. Oversized or slow feeds are cut off, so keep the feed lean (it doesn't need years of history — a working window around now is enough).
  • Recurrence is bounded. Very long or unbounded recurrences are capped per event to keep expansion sane.

How it surfaces

Imported events appear in the student app's events browser and weekly content, and sit alongside the rest of your library. Students can add events to their own calendar feed.

Common questions

What if our feed is behind authentication?

The sync fetches a public HTTPS URL. If your calendar requires auth, expose a dedicated read-only feed URL (many systems offer a secret-token feed URL) on a public endpoint.

Will syncing twice create duplicates?

No — occurrences are keyed by UID and date, so re-syncs reconcile in place. Stable UIDs in your feed are what make this work.

Is this required?

No. It's an optional convenience. Staff can author events directly without any feed.

The SIS sync endpointPush your student roster into First Six — the endpoint, authentication, payload, idempotency, and rate limits.Authentication, rate limits, and errorsThe conventions every First Six integration shares — bearer-token auth on the machine endpoints, rate limits, and error shapes.The resource libraryThe student-facing library — quick links, help routes, Ask Anything answers, and campus maps — and how to keep it current.
Was this helpful?
Need more help?

The fastest answer is usually one question away.

Edit this page on GitHub