Access Tokens

From TechHelp@MCLA
Revision as of 19:27, 27 January 2021 by A10001033 (talk | contribs) (1 revision imported)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Canvas allows for programmatic access to some pieces of information via the Canvas API. API calls require authorization, and are made on behalf of an authorized user. The information returned will be different depending on the user you are representing, their roles and permissions. We are using OAuth2 for remote services to allow access to resources (note: we haven't yet completely the typical Oauth-user delegation flow, but have a pre-generation utility that can be used in the mean time), which means that all API calls will need to be over https, and will require an access token as a means of representing the user.

You can see the most up-to-date documentation on github (note: this link is to the most up-to-date API interface, which may or may not be accurate for locally installed instances of Canvas. If you are not using Canvas Cloud, talk to you site administrator about getting an accurate set of API documentation. Admins, you can generate this documentation by running rake doc:api on the console).


Obtaining an Access Token

Approved Integrations on the user profile page
Generating an access token
Reviewing access token details

In a user's profile, there is a section titled, "Approved Integrations". This is a way for a user to create an access token that can be shared with a third party, giving the remote service permission to access Canvas resources on behalf of the user. The user can give a name to the external tool for easier identification, set an expiration, and even revoke access to the API by deleting the token.

Once you have a Canvas login you can create one of these access tokens to use for testing your development projects. Copy down the token string. This token must be included as a URL query parameter in any API calls made to Canvas.

Making API Calls With an Access Token

All API calls must also be made over https. The access token must be included as a URL query parameter in any API calls made to Canvas. For example, the endpoint to grab the user's list of courses is

GET /api/v1/courses.json

If Bob's access token were "token_of_magical_power" then you would call

GET /api/v1/courses.json?access_token=token_of_magical_powers

to retrieve Bob's list of courses.

For a detailed example of using the API, check out the API basics documentation on github.