As an admin, you can create developer keys for root accounts. A developer key is a code given to the developer of a third-party application that allows access to certain information and permissions within Canvas. Developer keys can be used to create custom integrations with Canvas and allow third-party apps to use Canvas authentication. The developer key uses OAuth2 to enable the application to use Canvas for authentication. For more information about OAuth2, see the Instructure API OAuth documentation.
The developer key is sent from the application to Canvas when a user requests access. The application asks the user for permission to programmatically create an API access token. When the user authorizes the application, the third-party application will have the same access to information and account permissions as the user that granted access. For more information about developer documents, see the Instructure Github page.
Developer Keys includes new advanced functionality for key scoping as part of adding a developer key. If you have not enabled the advanced features, key scoping will not be available to you. Additionally, the interface shown in this lesson displays differently but the remaining functionality is the same.
- Developer Keys is an account permission. If you cannot view the Developer Keys link in Account Navigation, this permission has not been enabled for your user account.
- Advanced Developer Keys management options are currently an account opt-in feature. To enable this feature, learn how to manage feature options in the account features lesson.
In Global Navigation, click the Admin link , then click the name of the account .
Enter Key Settings
Enter the settings for the developer key:
- Key Name : Usually your app or company name. This field will be shown when users are asked to approve access to their Canvas account on your behalf.
- Owner Email : The email of the person who owns the developer tool.
- Redirect URI (Legacy) : The URI for the key redirect. This field allows you to set the previous URI for a tool. Eventually this field will be removed.
- Redirect URIs : The domains where tokens are requested. These URIs are not your Canvas URL. To avoid mixed content browser concerns, use https.
- Vendor Code (LTI 2) : A unique registered code which identifies the vendor or developer of the third-party tool. This is specifically for LTI 2 tools and apps.
- Icon URL : The URL of the icon for your developer tool. This URL is presented to the user to approve authorization for your tool. To avoid mixed content browser concerns, use https.
- Notes : Any notes about the developer key, such as the reason it was created.
If the Scopes page is available to you, you can customize access for the key by clicking the Enforce Scopes button . Otherwise, the key will have access to all endpoints available to the authorizing user.