API reference for the getCanvaUserToken function.

Retrieves a JSON Web Token (JWT) for the current user. For the sake of security, include this JWT in the Authorization header of any HTTP request sent to the app's backend. The backend must only accept the request if the JWT is valid.

To learn more, see Sending HTTP requests.

import { getAuthentication } from "@canva/authentication";
(async () => {
const authentication = getAuthentication();
const token = await authentication.getCanvaUserToken();
const response = await fetch("", {
method: "POST",
headers: {
Authorization: `Bearer ${token}`,
const result = await response.json();

Returns a JSON Web Token as a string.

You can access information about the user, such as their ID, by decoding the string into an object. We recommend using a library to decode the object, such as jsonwebtoken.

The decoded object contains the following properties:


The ID of the app.


The ID of the user.


The ID of the user's team.