The Canva Admin API is currently provided as a preview and is subject to change.
Authentication

Generate an access token

This endpoint implements the OAuth 2.0 token endpoint, as part of the Client Credentials flow. It lets you generate an access token that's used to authenticate requests to resource endpoints in the Canva Admin API.

Requests to this endpoint require authentication with your Admin API client ID and client secret.

You must use basic access authentication, where the {credentials} string must be a Base64 encoded value of {client id}:{client secret}.

HTTP method and URL path

POST https://api.canva.com/auth/v1/oauth/token

Header parameters

Authorization (string)
Required

Provides credentials to authenticate the request, in the form of basic access authentication. The {credentials} string must be a Base64 encoded value of {client id}:{client secret}.

For example: Authorization: Basic {credentials}

Content-Type (string)
Required

Indicates the media type of the information sent in the request. This must be set to application/x-www-form-urlencoded.

For example: Content-Type: application/x-www-form-urlencoded

Body parameters

grant_type (string)
Required

Must be set to client_credentials.

scope (string)
Optional

Optional scope value. Separate multiple scopes with a single space between each scope.

The requested scope can't include any scopes that aren't selected in the client settings. Providing a subset of the client's scopes lets you limit the permissions for a token.

If this parameter is omitted, the token that is generated includes all the scopes that are selected in the client settings.

We strongly recommend that you always specify the scope that you want to include in the token.

Example request

Examples for using the /v1/oauth/token endpoint:

curl --request POST 'https://api.canva.com/auth/v1/oauth/token' \
--header 'Authorization: Basic {credentials}' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=admin:user:read admin:organization:read'

Success response

If successful, the endpoint returns a 200 response with a JSON body with the following parameters:

access_token (string)

The bearer access token to use to authenticate to Admin API endpoints.

token_type (string)

The token type returned. This is always Bearer.

expires_in (integer)

The expiry time (in seconds) for the token.

Example response

{
"access_token" : "eyJraWQiOiI2OWMwYzgwNS1lNGQwLTQyNDgtOWQzZi0yODEyZTI2OGYwM2UiL",
"token_type" : "Bearer",
"expires_in" : 14400
}
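
The request and response described above, as an added Python example (not Canva's own code): it builds the token request with an explicit scope list, refuses scopes outside the client's configured set before anything is sent, and turns expires_in into a refresh deadline. The function names, the client_scopes parameter and the 60-second skew are assumptions of this example.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://api.canva.com/auth/v1/oauth/token"  # URL given on this page


def build_token_request(client_id, client_secret, scopes, client_scopes):
    """Build (but do not send) a token request for an explicit scope list.

    client_scopes is an assumption of this example: a local copy of the scopes
    selected in the client settings, so over-broad requests fail before any call.
    """
    if not scopes:
        raise ValueError("request explicit scopes; omitting scope grants all client scopes")
    extra = set(scopes) - set(client_scopes)
    if extra:
        raise ValueError(f"scopes not selected in client settings: {sorted(extra)}")
    # {credentials} is Base64("{client id}:{client secret}")
    credentials = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode("ascii")
    form = {"grant_type": "client_credentials", "scope": " ".join(scopes)}
    headers = {
        "Authorization": f"Basic {credentials}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urllib.parse.urlencode(form).encode("ascii")
    return urllib.request.Request(TOKEN_URL, data=body, method="POST", headers=headers)


def parse_token_response(raw_json, now=None, skew=60):
    """Validate a success body and return (access_token, refresh_after_epoch)."""
    data = json.loads(raw_json)
    if data.get("token_type") != "Bearer":
        raise ValueError("unexpected token_type")
    token, expires_in = data.get("access_token"), data.get("expires_in")
    if not isinstance(token, str) or not token:
        raise ValueError("missing access_token")
    if not isinstance(expires_in, int) or expires_in <= skew:
        raise ValueError("invalid expires_in")
    now = time.time() if now is None else now
    # Refresh slightly early so the token never expires mid-request.
    return token, now + expires_in - skew
```

Pass the returned Request to urllib.request.urlopen to send it. Load the client secret from a secret store or environment variable, and keep both the Authorization header and the access token out of logs.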