By default, Canva Button API keys are locked to the following domains:
If you try to use your API keys from other domains, Canva blocks the request and responds with a Forbidden (403) error.
To add a domain to Canva's allowlist:
Log in to the Developer Portal.
Under the Your Canva Button integrations heading, find the relevant integration and select View.
Select Add a referrer domain.
Enter a domain in the text field, such as
Changes to the form save automatically.
You can use the wildcard symbol (an asterisk) when adding domains in the allowlist. This makes it possible for Canva to accept requests from variations of a domain name.
The following table demonstrates some ways to use the wildcard symbol:
The exact domain name.
The domain name and subdomains.
The domain name, subdomains, and subdirectories.