When a user reaches the end of an authentication flow, an app must redirect users to the following endpoint:
https://www.canva.com/apps/configured
This redirect:
Closes the authentication pop-up window.
Reloads the app (or displays an error, if the authentication is unsuccessful).
Protects the app against cross-site request forgery (CSRF) attacks.
The app must also append the required query parameters.
To learn more, refer to Authentication.
If you're creating an app via canva.cn, redirect users to the canva.cn
domain instead of canva.com
.
GET https://www.canva.com/apps/configured
Property | Type | Required | Description |
| string | Yes | A token that Canva provides to the app at the start of the authentication flow. The app must return this token to Canva at the end of the authentication flow. This protects the app against Cross-Site Request Forgery (CSRF) attacks. |
| boolean | Yes | If |
https://www.canva.com/apps/configured?success=true&state=<state>