Skip navigation

Skip to main content

Getting started
Developer resources
Designing apps
App UI Kit
Design guidelines
App components
Figma resource
Developing apps
App configuration
Authenticating users
Creating elements
Working with elements
Localization
Security
Design interaction
Using design IDsExporting designs
Testing

Configuring scopes

How to manage an app's scopes.

At Canva, the privacy of our users is a top priority, but there are many valid reasons for apps to have access to their data. To balance these concerns, the Apps SDK has a scopes system that lets developers access user data while ensuring that users remain informed and in control of what data is accessed.

How scopes work

In the Apps SDK, some methods have an associated scope. If an app uses one of these methods, the scope must be enabled with either the Developer Portal or the Canva CLI. If the scope isn't enabled, the app can't be approved for release.

By requiring apps to enable scopes, Canva can inform users of what data the app will have access to — and what the app can do with that data — before the user installs it.

The user experience

Before a user installs an app, they're shown a screen that explains what the app is and what scopes are required to install it. If an app doesn't require any scopes, no requirements are listed.

If the user doesn't accept the app's scopes, the app can't be installed.

If a user uninstalls an app, all scopes are revoked.

What scopes are required?

The scopes required by an app depend on the methods called by the app. For the complete list of scopes, along with the methods associated with those scopes, see List of scopes.

How to configure scopes

You can configure scopes for your app with either the Developer Portal or the Canva CLI:

  1. Navigate to an app via the Your apps(opens in a new tab or window) page.
  2. On the Scopes page, enable the required scopes.

  1. Set up your app to use the Canva CLI to manage settings via the canva-app.json file.

  2. Add the required scopes to the runtime.scopes property. For more information, see canva-app.json.

    For example, the following adds the Design read and Design write scopes.

    {
      "runtime": {
        "permissions": [
          {
            "name": "canva:design:content:read",
            "type": "mandatory"
          },
          {
            "name": "canva:design:content:write",
            "type": "mandatory"
          }
        ]
      }
    }
    JSON

List of scopes

This section lists the scopes that can be enabled for an app, including the methods that require the scope to be enabled. The required scopes are also listed on the API reference pages for each method.

canva:design:content:read

The app may read the content of the user's design.

The following methods require this scope to be enabled:

canva:design:content:write

The app may modify the content of the user's design.

The following methods require this scope to be enabled:

canva:asset:private:read

The app may download assets from the user's media library.

The following methods require this scope to be enabled:

canva:asset:private:write

The app may upload assets to the user's media library.

The following methods require this scope to be enabled:

canva:brandkit:read

The app may read data from brand kits that the user can access.

The following methods require this permission to be enabled: