Skip navigation

Skip to main content

The Canva Admin API is currently provided as a preview and is subject to change.
API reference
Authentication
Organizations
Teams
Groups
Users
Audit events

Authentication

The Canva Admin API uses an OAuth 2.0 bearer token to authenticate requests, as part of the OAuth Client Credentials flow(opens in a new tab or window).

Prerequisites

Before attempting to generate an access token, you must first create and configure an Admin API client in your Canva organization settings, including:

  • Setting a client name and getting a client ID
  • Generating and saving a client secret
  • Selecting scopes

For more information, see Creating clients.

Authentication and authorization process

The authentication and authorization process works as follows:

  1. Use the Generate an access token endpoint to generate an access token. In the request, you must include the client ID, client secret, and scopes.
  2. When making requests to the Admin API resource endpoints, put the access token in the Authorization header to authenticate the requests.
  3. When the access token expires, generate a new access token using the Generate an access token endpoint.