Skip to main content

Authorization

Follow this guide to create a new Canvas credential that will allow Nexla to authenticate to and exchange data with your Canvas account.
canvas_lms_api_auth.png

Canvas

Prerequisites

The Canvas connector authenticates to the Canvas LMS REST API using an API access token (a bearer token) together with your institution's Canvas domain. Before creating a credential in Nexla, you will need access to a Canvas account with permission to view or manage the accounts, courses, users, and other resources you intend to access.

Determine Your Canvas Domain

Every Canvas instance is hosted at an institution-specific domain. This is the URL that appears in your browser when you are logged in to Canvas, for example https://yourinstitution.instructure.com (some institutions use a custom domain). Nexla prepends this domain to each API path, so it must be entered exactly, including the https:// protocol and without a trailing slash.

Generate a Canvas API Access Token

For testing and individual use, the simplest way to obtain a token is to generate one from your Canvas user profile. The token inherits the permissions of the user account that generates it, so use an account with sufficient access for the data you intend to read or write.

  1. Log in to Canvas, and click Account in the global navigation menu, then select Settings.

  2. Scroll to the Approved Integrations section.

  3. Click the + New Access Token button.

  4. Enter a purpose in the Purpose field (for example, "Nexla Integration"), and optionally set an expiration date in the Expires field. Leaving the expiration blank creates a token that does not expire.

  5. Click Generate Token.

  6. Copy the generated token immediately and store it securely.

    Important

    The access token is displayed only once, at the time it is generated. After you close the dialog, the full token cannot be viewed again. If the token is lost, you must delete it and generate a new one.

Canvas access tokens are password-equivalent and grant API access at the permission level of the user that created them. Treat the token as a secret, and do not share it or commit it to version control. Per Canvas API policy, integrations used by multiple people should use OAuth2 rather than asking each user to generate a personal token. For administrator-managed or production integrations, work with your Canvas administrator to provision an appropriate developer key and token. For complete details, see the Canvas OAuth2 documentation.

Create a Canvas Credential

  • To create a new Canvas credential, after selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.

Credential Name & Description

  1. Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.

    Resource descriptions are recommended but are not required. They should be used provide information about the resource purpose, data freshness, etc. that can help the owner and other users efficiently understand and utilize the resource.

API Credentials Configuration

  1. Enter your institution's Canvas domain in the Canvas Domain field. This is the base URL of your Canvas instance, including the https:// protocol and without a trailing slash (for example, https://yourinstitution.instructure.com). Nexla combines this value with each API path, so an accurate domain is required for all requests to succeed.

  2. Enter the Canvas API access token generated from your Canvas user profile in the Access Token field. This token authenticates Nexla with the Canvas LMS REST API and is sent as a bearer token in the Authorization header of each request.

    The access token grants API access at the permission level of the Canvas user that generated it. Keep the token secure, and do not share it publicly. Tokens issued through developer keys may have a limited lifetime and can be revoked at any time from the Approved Integrations section of your Canvas profile.

Save the Credential

  1. Once all of the relevant steps in the above sections have been completed, click the Save button at the bottom of the overlay to save the configured credential.

  2. The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation and can be selected for use with a new data source or destination.