POST /configuration/delete
API reference for the "/configuration/delete" endpoint.
If an app supports authentication, Canva sends a POST request to the following endpoint when a user disconnects the app from Canva:
<authentication_base_url>/configuration/delete
The purpose of this request is to de-authenticate the user, allowing them to either re-authenticate with different credentials or to simply remove the connection between Canva and the app's backend.
Request
Endpoint
POST <authentication_base_url>/configuration/delete
Headers
| Property | Type | Required | Description |
|---|---|---|---|
X-Canva-Signatures | string | Yes | A comma-separated list of request signatures. The name of this header is sometimes lowercase (e.g. x-canva-signatures). |
X-Canva-Timestamp | string | Yes | The UNIX timestamp (in seconds) of when Canva sent the request. The name of this header is sometimes lowercase (e.g. x-canva-timestamp). |
Body
Properties
| Property | Type | Required | Description |
|---|---|---|---|
user | string | Yes | The ID of the user. |
brand | string | Yes | The ID of the user's team. |
Example
{"user": "<user>","brand": "<brand>"}
Responses
200 - Success
Properties
| Property | Type | Required | Description |
|---|---|---|---|
type | "SUCCESS" | Yes | The type of response. |
Example
{"type": "SUCCESS"}
200 - Error
Properties
| Property | Type | Required | Description |
|---|---|---|---|
type | "ERROR" | Yes | The type of response. |
errorCode | string | Yes | An error code that describes what went wrong. Enum: "CONFIGURATION_REQUIRED", "FORBIDDEN", "INTERNAL_ERROR", "INVALID_REQUEST", "NOT_FOUND", "TIMEOUT" |
Example
{"type": "ERROR","errorCode": "<error_code>"}
401 - Invalid request signature or timestamp
An extension must verify the request signature and timestamp of all incoming requests. When an extension can't verify either of these values, it must reject the request with a 401 status code.