Anonymous editing

Some partners don't require users to login before creating designs via their website. In these cases, a partner can calculate an autoAuthToken with a random string instead of a user's ID:

const jwt = require("jwt-simple");
const now = Math.floor(new Date().getTime() / 1000);
const payload = {
iss: process.env.PARTNER_API_KEY,
sub: "<random_string>",
iat: now,
exp: now + 60 * 30,
};
const autoAuthToken = jwt.encode(payload, process.env.PARTNER_API_SECRET);
console.log(autoAuthToken);

This still creates an account in Canva's backend, but the account isn't associated with a user in the partner's backend. As a result, the user is effectively anonymous.

Limitations

  • If your integration uses anonymous editing, users can't view their previously created designs or uploaded media.