Skip navigation
Skip to main content
Canva Developers logo
Reference

GET /apps/configured

API reference for the "/apps/configured" endpoint.

When a user reaches the end of an authentication flow, an app must perform a 302 redirect to the following URL:

https://www.canva.com/apps/configured
bash

This redirect:

  • Closes the authentication pop-up window.
  • Reloads the app (or displays an error, if the authentication is unsuccessful).
  • Protects the app against cross-site request forgery (CSRF) attacks.

The app must also append the required query parameters.

To learn more, refer to Authentication.

Request

Endpoint

GET https://www.canva.com/apps/configured
bash

Query

Properties

PropertyTypeRequiredDescription
statestringYesA token that Canva provides to the app at the start of the authentication flow. The app must return this token to Canva at the end of the authentication flow. This protects the app against Cross-Site Request Forgery (CSRF) attacks.
successbooleanYesIf true, Canva closes the authentication pop-up window and reloads the app. If false, Canva closes the authentication pop-up window and displays an error.

Example

https://www.canva.com/apps/configured?success=true&state=<state>
bash