App development
Create an appCreate a support ticket
Search…
Overview
Quick start
Changelog
Platform concepts
Apps
Extensions
Regions
Authentication
Deprecation policy
Extensions
Content extensions
Editing extensions
Publish extensions
Frontend development
Assets
Development URL
Error handling
Localization
Notifications
Rich controls
JSX
WebGL
Backend development
Base URL
Continuation
Signature verification
SDKs
Distribution
UX guidelines
Submission checklist
Creating the App Directory listing
Client API
EditingExtensionClient.API
CanvaDataType
CanvaElement
CanvaElementLayout
CanvaImageBlob
CanvaImageHelpers
CanvaImageUrl
CanvaMedia
init
Server API
Overview
GET /apps/configured
POST /configuration
POST /configuration/delete
POST /content/resources/find
POST /editing/image/process
POST /editing/image/process/get
POST /publish/resources/find
POST /publish/resources/get
POST /publish/resources/upload
Redirect URL
Reference
Locales
Powered By GitBook
GET /apps/configured
API reference for the "/apps/configured" endpoint.
When a user reaches the end of an authentication flow, an app must perform a 302 redirect to the following URL:
https://www.canva.com/apps/configured
This redirect:
  • Closes the authentication pop-up window.
  • Reloads the app (or displays an error, if the authentication is unsuccessful).
  • Protects the app against cross-site request forgery (CSRF) attacks.
The app must also append the required query parameters.
To learn more, refer to Authentication.
For guidelines on creating a delightful authentication flow, see Optimizing the authentication flow.
If you're creating an app via canva.cn, redirect users to the canva.cn domain instead of canva.com.

Request

Endpoint

GET https://www.canva.com/apps/configured

Query

Properties

Property
Type
Required
Description
state
string
Yes
A token that Canva provides to the app at the start of the authentication flow. The app must return this token to Canva at the end of the authentication flow. This protects the app against Cross-Site Request Forgery (CSRF) attacks.
success
boolean
Yes
If true, Canva closes the authentication pop-up window and reloads the app. If false, Canva closes the authentication pop-up window and displays an error.

Example

https://www.canva.com/apps/configured?success=true&state=<state>
Server API - Previous
Overview
Next - Server API
POST /configuration
Last modified 3mo ago
Copy link
On this page
Request
Endpoint
Query