By default, Canva Button API keys are locked to the following domains:
If you try to use your API keys from other domains, Canva blocks the request and responds with a Forbidden (403) error.
Because of domain restrictions, it's not possible to add the Canva Button to an HTML file on your local machine and open that file in a web browser. You need to serve the HTML file via localhost. To learn more, refer to Local development.