POST /configuration/delete

API reference for the "/configuration/delete" endpoint.

If an app supports authentication, Canva sends a POST request to the following endpoint when a user disconnects the app from Canva:

<authentication_base_url>/configuration/delete

The purpose of this request is to de-authenticate the user, allowing them to either re-authenticate with different credentials or to simply remove the connection between Canva and the app's backend.

When sending this request, Canva replaces <authentication_base_url> with the app's Authentication base URL. You can configure this URL via the app's Authentication page.

Request

Endpoint

POST <authentication_base_url>/configuration/delete

Headers

Property

Type

Required

Description

X-Canva-Signatures

string

Yes

A comma-separated list of request signatures.

X-Canva-Timestamp

string

Yes

The UNIX timestamp (in seconds) of when Canva sent the request.

Body

Properties

Property

Type

Required

Description

user

string

Yes

The ID of the user.

brand

string

Yes

The ID of the user's team.

Example

{
"user": "<user>",
"brand": "<brand>"
}

Responses

200 - Success

Properties

Property

Type

Required

Description

type

"SUCCESS"

Yes

The type of response.

Example

{
"type": "SUCCESS"
}

200 - Error

Properties

Property

Type

Required

Description

type

"ERROR"

Yes

The type of response.

errorCode

string

Yes

An error code that describes what went wrong. Enum: "CONFIGURATION_REQUIRED", "FORBIDDEN", "INTERNAL_ERROR", "INVALID_REQUEST", "NOT_FOUND", "TIMEOUT"

Example

{
"type": "ERROR",
"errorCode": "<error_code>"
}

401 - Invalid request signature or timestamp

An extension must verify the request signature and timestamp of all incoming requests. When an extension can't verify either of these values, it must reject the request with a 401 status code.