Canvas Guides (en)Canvas GuidesCanvas Admin Guide APIHow do I manage API access tokens as an admin?

How do I manage API access tokens as an admin?

You can manage API access tokens from your User Settings. Access tokens provide access to Canvas resources through the Canvas API. Access tokens can be generated automatically for third-party applications or created manually.

Using the Canvas API allows the access token holder to access the same Canvas resources that you can access. For example, third-party applications, including devices you have used to open the Canvas mobile apps, are authorized to access Canvas on your behalf. API calls require authorization and are made on behalf of an authorized user.  For more information on using the Canvas API, view the Canvas API documentation.

Once you have a Canvas login you can create one of these access tokens to use for testing your development projects. This token must be included as a URL query parameter in any API calls made to Canvas.

Canvas tokens align with Canvas permissions. If your Canvas account is deleted, your tokens will be revoked. If you no longer have an administrative role in Canvas, your previously generated tokens will adjust to your new permissions.

Note:

  • Users with masquerading privileges cannot remove the token on behalf of other users.
  • Canvas admins cannot bulk delete API access tokens for users at their institution. For assistance with deleting access tokens for other users, contact your Customer Success Manager.

Open User Settings

Open User Settings

In Global Navigation, click the Account link [1], then click the Settings link [2].

View Access Tokens

Third-party applications with access tokens and user-generated access tokens are listed in the Approved Integrations section [1].

For each access token, you can view the name [2], purpose [3], expiration date [4], and date of last use [5].

Note: Mobile access tokens never expire. To remove access for a mobile application, the access token must be deleted.

Add Access Token

Add Access Token

To add an access token, click the Add New Access Token button.

Add Token Details

Add Token Details

Enter a description for your access token in the Purpose field [1]. You can also select an expiration date by clicking the Calendar icon [2]. To generate a token with no expiration, leave the Expires field empty.

To generate a new access token, click the Generate Token button [3].

View Access Token

View Access Token

View the token description [1]. To view details for the token, click the details link [2].

View Token Details

View Token Details

The access token details include a token that can be used to make API calls on your behalf [1].

To regenerate an access token, click the Regenerate Token button [2].

Delete Access Token

Delete Application

To delete an access token, click the Delete icon.

Confirm Deletion

Confirm Deletion

To confirm the deletion, click the OK button.