Canva SCIM API

Overview Authentication Users, Groups, and Teams

SCIM User API reference

Create a user Get a user List users Update all information for a user Update individual attributes for a user Delete a user

SCIM Group API reference

Create a group Get a group List groups Update all information for a group Update individual attributes for a group Delete a group

List users

Gets a paginated list of all users in a Canva team, including inactive users.

You can use the startIndex and count parameters to control the pagination of the response.

You can also provide a filter parameter to narrow down the users returned to only include those matching the filter.

HTTP method and URL path

GET https://www.canva.com/_scim/v2/Users

Header parameters

AuthorizationstringRequired

Provides credentials to authenticate the request, in the form of a Bearer token.

For example: Authorization: Bearer {token}

Query parameters

startIndexintegerOptional

Used to paginate the response: the index of the first result to return.

countintegerOptional

Used to paginate the response: the number of results to return. Must be between 1 and 10.

filterstringOptional

A filter to narrow down the results returned, using the equals (eq) query parameter. The following filters are supported:

Return the user matching the SCIM userName value: userName eq "{saml_name_id}".

For example: GET /_scim/v2/Users?filter=userName%20eq%20"aliddell"
Return the user matching the SCIM externalId value: externalId eq "{idp_provided_external_id}".

For example: GET /_scim/v2/Users?filter=externalId%20eq%20"abcdefgh12345678"

Example request

Examples for using the /_scim/v2/Users endpoint:

curl --request GET 'https://www.canva.com/_scim/v2/Users' \
--header 'Authorization: Bearer {token}'

const fetch = require("node-fetch");

fetch("https://www.canva.com/_scim/v2/Users", {
  method: "GET",
  headers: {
    "Authorization": "Bearer {token}",
  },
})
  .then(async (response) => {
    const data = await response.json();
    console.log(data);
  })
  .catch(err => console.error(err));

import java.io.IOException;
import java.net.URI;
import java.net.http.*;

public class ApiExample {
    public static void main(String[] args) throws IOException, InterruptedException {
        HttpRequest request = HttpRequest.newBuilder()
            .uri(URI.create("https://www.canva.com/_scim/v2/Users"))
            .header("Authorization", "Bearer {token}")
            .method("GET", HttpRequest.BodyPublishers.noBody())
            .build();

        HttpResponse<String> response = HttpClient.newHttpClient().send(
            request,
            HttpResponse.BodyHandlers.ofString()
        );
        System.out.println(response.body());
    }
}

JAVA

import requests

headers = {
    "Authorization": "Bearer {token}"
}

response = requests.get("https://www.canva.com/_scim/v2/Users",
    headers=headers
)
print(response.json())

using System.Net.Http;

var client = new HttpClient();
var request = new HttpRequestMessage
{
  Method = HttpMethod.Get,
  RequestUri = new Uri("https://www.canva.com/_scim/v2/Users"),
  Headers =
  {
    { "Authorization", "Bearer {token}" },
  },
};

using (var response = await client.SendAsync(request))
{
  response.EnsureSuccessStatusCode();
  var body = await response.Content.ReadAsStringAsync();
  Console.WriteLine(body);
};

CSHARP

package main

import (
	"fmt"
	"io"
	"net/http"
)

func main() {
	url := "https://www.canva.com/_scim/v2/Users"
	req, _ := http.NewRequest("GET", url, nil)
	req.Header.Add("Authorization", "Bearer {token}")

	res, _ := http.DefaultClient.Do(req)
	defer res.Body.Close()
	body, _ := io.ReadAll(res.Body)
	fmt.Println(string(body))
}

$curl = curl_init();
curl_setopt_array($curl, array(
  CURLOPT_URL => "https://www.canva.com/_scim/v2/Users",
  CURLOPT_CUSTOMREQUEST => "GET",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_HTTPHEADER => array(
    'Authorization: Bearer {token}',
  ),
));

$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);

if (empty($err)) {
  echo $response;
} else {
  echo "Error: " . $err;
}

PHP

require 'net/http'
require 'uri'

url = URI('https://www.canva.com/_scim/v2/Users')
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)
request['Authorization'] = 'Bearer {token}'

response = http.request(request)
puts response.read_body

RUBY

Success response

If successful, the endpoint returns a 200 response with a JSON body with the following parameters:

schemasstring[]

Available values: The only valid value is urn:ietf:params:scim:api:messages:2.0:ListResponse.

totalResultsinteger

The total number of results matching the query.

startIndexinteger

The index of the first result.

itemsPerPageinteger

The number of results returned in the current page.

resourcesScimUserResponse[]

An array of the users returned in the current page of results.

schemasstring[]

The URIs of the SCIM schemas.

Available values: The only valid value is urn:ietf:params:scim:schemas:core:2.0:User.

idstring

The Canva-generated SCIM ID for the user.

metaobject

Meta properties for the user.

resourceTypestring

The SCIM resource type of the object.

Available values: The only valid value is User.

createdstring

The timestamp when the object was created.

userNamestring

A unique identifier for the user.

displayNamestring

The name of the user, suitable for display to end-users.

emailsobject[]

The email address for the user.

The Canva SCIM API only supports one email address for each user.

primaryboolean

Whether the email is the primary address. Only one email address for a user can be the primary one.

valuestring

The email address.

typestring

The type of email address for the user. The Canva SCIM API only supports work as the type of the email address.

activeboolean

Whether the user account is active. Setting this to false deprovisions the user in Canva.

rolestring

The role of the user. This can be one of the following:

Member
Teacher
Staff
Admin
Template-designer
Aide
Administrator
School administrator
School
Tenant
Faculty

If an invalid value is provided, the role defaults to Member.

Except for Member, all other role values map to the Canva "Brand Designer" role. For more information on Canva roles, see Team roles and permissions⁠(opens in a new tab or window).

Default value: Member

externalIdstringOptional

A string that is an identifier for the resource as defined by the provisioning client.

namenameOptional

The components of the user's name.

givenNamestringOptional

The first or 'given' name for the user.

familyNamestringOptional

The last or 'family' name for the user.

localestringOptional

The user's default location, for example en_AU.

Example response

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:ListResponse"
  ],
  "totalResults": 1,
  "startIndex": 1,
  "itemsPerPage": 10,
  "resources": [
    {
      "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User"
      ],
      "id": "UAFdxab1abC",
      "externalId": "abcd1234",
      "meta": {
        "resourceType": "User",
        "created": "2023-09-18T06:08:35Z"
      },
      "userName": "aliddell",
      "displayName": "Alice Liddell",
      "name": {
        "givenName": "Alice",
        "familyName": "Liddell"
      },
      "emails": [
        {
          "primary": true,
          "value": "[email protected]",
          "type": "work"
        }
      ],
      "active": true,
      "locale": "en_US",
      "role": "Member"
    }
  ]
}

JSON

Error responses

400 Bad request

schemasstring[]

Available values: The only valid value is urn:ietf:params:scim:api:messages:2.0:Error.

detailstring

Available values: The only valid value is No SSO configurations found, please check the settings page.

statusstring

The HTTP status code of the error.

Example error response

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:Error"
  ],
  "detail": "No SSO configurations found, please check the settings page",
  "status": "400"
}

JSON

403 Forbidden

schemasstring[]

Available values: The only valid value is urn:ietf:params:scim:api:messages:2.0:Error.

detailstring

Available values: The only valid value is Unsupported filter field.

statusstring

The HTTP status code of the error.

Example error response

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:Error"
  ],
  "detail": "Unsupported filter field",
  "status": "403"
}

JSON