API reference

Asset

getTemporaryUrl findFonts openColorSelector requestFontSelection upload Changelog

Design

addAudioTrack addElementAtCursor addElementAtPoint addPage bulkCreate.launch

createRichtextRange editContent

getCurrentPageContext getDesignMetadata getDesignToken initAppElement openDesign

overlay.registerOnCanOpen publish.launch

requestExport selection.registerOnChange setCurrentPageBackground ui.startDragToCursor ui.startDragToPoint

Intents: Asset

prepareUrlExpander

Intents: Content

prepareContentPublisher

Intents: data

prepareDataConnector

Intents: design

prepareDesignEditor

Platform

appProcess appProcess.broadcastMessage appProcess.current appProcess.current.getInfo appProcess.current.requestClose appProcess.current.setOnDispose appProcess.requestClose appProcess.registerOnMessage appProcess.registerOnStateChange features.isSupported features.registerOnSupportChange getPlatformInfo notification.addToast requestOpenExternalUrl

User

auth.getCanvaUserToken auth.initOauth

App middleware

initUserTokenVerifier

Changelog

App middleware: Express

tokenExtractors

user.verifyToken

API reference

user.verifyToken

API reference for the user.verifyToken method.

This API is a preview. Preview APIs are unstable and may change without warning. You can't release public apps using this API until it's stable.

Usage

Basic usage with default Authorization header:

import { user } from '@canva/app-middleware/express';

app.use(user.verifyToken({ appId: 'your-app-id' }));

TYPESCRIPT

With custom token extraction:

import { user, tokenExtractors } from '@canva/app-middleware/express';

app.use(user.verifyToken({
  appId: 'your-app-id',
  tokenExtractor: tokenExtractors.fromQuery('token')
}));

TYPESCRIPT

Parameters

optionsUserAuthOptions

Required

Configuration options

appIdstring

Required

The ID of the Canva app, obtained via the developer portal canva.com/developers.

cacheMaxAgeMinutesnumber

Optional

The maximum age of the JWKS cache in minutes.

Default value: 60

timeoutMsnumber

Optional

The timeout for the JWKS fetch in milliseconds.

Default value: 30000

baseUrlstring

Optional

The base URL for the JWKS endpoint.

Default value: "https://api.canva.com"

tokenExtractorTokenExtractor

Optional

A function that extracts a JWT token from the request.

Default value: tokenExtractors.fromBearerAuth()

Parameters

reqRequest

Required

Returns

Returns

Express middleware that verifies JWT tokens.

RequestHandler