Skip navigation

Skip to main content

API reference
Intents: Asset
Intents: Content
Intents: design
API reference

design.verifyToken

API reference for the design.verifyToken method.

This API is a preview. Preview APIs are unstable and may change without warning. You can't release public apps using this API until it's stable.

Usage: Extract design token from query parameter:

import { design, tokenExtractors } from '@canva/app-middleware/express';


app.get('/api/design/data', design.verifyToken({
  appId: 'your-app-id',
  tokenExtractor: tokenExtractors.fromQuery('design_token')
}), handler);
TYPESCRIPT

Parameters

optionsDesignAuthOptions
Required

Configuration options

appIdstring
Required

The ID of the Canva app, obtained via the developer portal canva.com/developers.

tokenExtractorTokenExtractor
Required

A function that extracts the design JWT token from the request. Unlike user tokens, design tokens have no default extractor and must be explicitly configured based on how your app passes the design token.

Example

tokenExtractor: tokenExtractors.fromBearerAuth()
tokenExtractor: tokenExtractors.fromQuery('design_token')
tokenExtractor: tokenExtractors.fromHeader('X-Design-Token')
TYPESCRIPT

Parameters

reqRequest
Required

Returns

cacheMaxAgeMinutesnumber
Optional

The maximum age of the JWKS cache in minutes.

Default value: 60

timeoutMsnumber
Optional

The timeout for the JWKS fetch in milliseconds.

Default value: 30000

baseUrlstring
Optional

The base URL for the JWKS endpoint.

Default value: "https://api.canva.com"

Returns

Express middleware that verifies design JWT tokens.

RequestHandler