API Tokens and Canvas

Application Programming Interface (API) tokens are used to allow external applications to access user data via an application’s API. Canvas has a robust API that can be used to retrieve, create, edit, and delete Canvas data. User-generated API tokens grant you the same level of access as you normally have in Canvas. For example, if you are an instructor, your token will allow you to retrieve, add, update, and delete data in your own classes via the API, but you will not have access to classes in which you are not enrolled.

These API tokens act as credentials and should be treated as sensitive information.

Any individual or application that has your user token will have full access to your Canvas data, just as they would if you shared your Emory login credentials. You should not provide your API access token to any other individual or a vendor. Sharing your API token with an unauthorized third party is a violation of University IT policies as described at the links below:

• Information Technology Conditions of Use (5.1)

• Enterprise Password Policy (5.15)  

If you have given a third party access to your API token, you should delete it IMMEDIATELY.

For more information about Canvas API tokens, email the Canvas team at classes@emory.edu.