Canvas Platform Breaking Changes
The breaking changes page displays a comprehensive list of all deprecation removals noted in the Canvas API Change Log , GraphQL API Change Log, or Canvas Platform Change Log. Logs can be located in the Canvas Log Archive by Year.
Canvas may deprecate API elements according to the timelines indicated in the Canvas API Policy page.
The heading date indicates the date that the intended code will be removed from the production environment.
Subscribe this document for content updates. To learn how, see Help: Subscriptions
2025-02-16
Announcement Date: 2024-11-22
Beta Environment Availability: 2025-01-20
Validation_context and error do not launch in LTI Launch claim objects
In LTI launches, the JWT message was previously validated during creation in Canvas, which added extra, unintended fields (validation_context and errors) to the JWT payload. This update removes these unnecessary fields, ensuring a cleaner and more streamlined JWT payload.
Updated Deployment ID Naming for LTI Compliance
To ensure compliance with the IMS LTI specification, the naming convention for the deployment ID in LTI login requests is changed to lti_deployment_id. Previously, the deployment ID was sent as deployment_id.
Announcement Date: 2024-10-25
Beta Environment Availability: 2025-01-20
Assignment Custom Parameter Data with Leading Zeros Stripped During Course Copy
Custom variables that previously stored values as integers or floats are converted to strings during course copy. While these values have been returned as strings in LTI responses for over a year, this change may affect API users who rely on the variable being an integer or float within the Canvas API (but not in the LTI response). No significant impact is expected; however, users are encouraged to monitor for any changes.
2024-12-08
*Production Date updated on 2024-10-16
Announcement Date: 2024-09-27
Beta Environment Availability: 2024-11-18
Updating the mediaType for launches from New Quizzes items
This update affects LTI tools that rely on the "mediaType" in the placements for module_menu, quiz_menu, and assignment_menu. The "mediaType" for New Quizzes launches is changing from:
Old value: "mediaType":"application/vnd.instructure.api.content-exports.assignment"
New value: "mediaType":"application/vnd.instructure.api.content-exports.quizzesnext"
This update helps tools distinguish between regular assignments/old quizzes and New Quizzes.
2024-11-16
Announcement Date: 2024-07-23
Beta Environment Availability: 2024-10-21 [Added 2024-09-05]
Remove of null values in custom parameter values
For certain custom parameter values, if there is no value Canvas currently sends null as the value. With this change, Canvas will now send the variable name when there is no value, in accordance with the Learning Tools Interoperability Core Specification 1.3 IMS Global Learning Consortium.
Expands all group related LTI variable expansions.
Announcement Date: 2024-08-02
Expand all of the listed variable expansions. Previously, these required a Course context to work. Now, they will also work when the context is a Group within a Course.
- Canvas.course.endAt
- : Canvas.course.gradePassbackSetting
- : Canvas.course.hideDistributionGraphs
- : Canvas.course.id
- : Canvas.course.name
- : Canvas.course.previousContextIds
- : Canvas.course.previousContextIds.recursive
- : Canvas.course.previousCourseIds
- : Canvas.course.sisSourceId
- : Canvas.course.startAt
- : Canvas.course.workflowState
- : Canvas.enrollment.enrollmentState
- : Canvas.membership.concludedRoles
- : com.instructure.contextLabel
- : com.instructure.Course.gradingScheme
- : com.instructure.Course.groupIds
- : com.instructure.Course.integrationId
- : com.instructure.Observee.sisIds
- : com.instructure.User.observees
- : Context.id.history
- : CourseOffering.sourcedId
- : CourseSection.sourcedId
- : vnd.instructure.Course.uuid
- : Canvas.course.sectionIds
- : Canvas.course.sectionRestricted
- : Canvas.course.sectionSisSourceIds
- : com.instructure.User.sectionNames
- : Canvas.assignment.submission.studentAttempts
- Canvas.term.endAt
- Canvas.term.id
- Canvas.term.name
- Canvas.term.startAt
Expand permissions to work when context is a Group. Previously, these worked when the context was a Course or Group. For com.Instructure.membership.roles and Canvas.membership.roles the enrollments from the Group's Account (or Group's Course and Account, if Group has a course) is used.
- : com.Instructure.membership.roles
- : Canvas.membership.roles
- : Canvas.membership.permissions<>
Additionally, this fixes the following expansions to be consistent for groups (use account, not root account):
- Canvas.account.id
- Canvas.account.name
- Canvas.account.sisSourceId
Incidentally, the following expansions now include roles from the Course if the @context is a Group, and the context is a Course:
- Membership.role
- Canvas.xuser.allRoles
- com.instructure.User.allRoles
2023-09-16
Announcement Date: 2023-06-23
Beta Availability: 2023-08-21
ResourceLink.id substitution parameter update
ResourceLink.id substitution parameter supplies a resource link’s ‘resource_link_uuid’ instead of the ‘resource_id.'
Note: The resource_llink_uuid is a platform supplied value, whereas resource_id is provided by the external tool. This aligns with LTI specifications.
2023-06-20
Announcement Date: 2023-06-23
Deprecation of oembed_retrieve LTI 1.1 endpoint [Delayed as of 2023-05-15]
For more information, please see Upcoming Canvas Changes.
The oembed_retrieve endpoint is removed to improve compliance and security. Other available endpoints can be used to achieve the same functions.
Note: At the time of this announcement, Product Managers are in contact with third-party tools in preparation for this deprecation. No action is needed by administrators at this time.
2023-05-20
Announcement Date: 2023-04-03
Beta Availability: 2023-04-03
Deprecation of 302 Error redirect for oAuth Token Errors
When client authentication fails or is invalid with POST to /login/oauth2/token, a 400 error returns instead of a 302 redirect for oAuth token errors.
Note: The authentication endpoint is not affected.
2023-04-15 [Delayed as of 2023-04-03]
Announcement Date: 2023-01-17
Beta Availability: 2023-03-20
Deprecation of 302 Error redirect for oAuth Token Errors
When client authentication fails or is invalid with POST to /login/oauth2/token, a 400 error returns instead of a 302 redirect for oAuth token errors.
Note: The authentication endpoint is not affected.
2022-10-15
Announcement date: 2022-06-08
Deprecation of Numerical Variable Substitutions in LTI 1.3 Launch
Certain variable substitutions in custom claim for the LTI 1.3 launch were identified as containing numerical values rather than string values as required by the specification. These numerical variable substitutions will be deprecated and changed to string values on 2022-10-15. The feature flag, Returns String Values Instead of Numeric Values in Variable Substitutions controls this change and can be used in individual environments to test and determine if this will be an issue for your tool.
Note: This change affects LTI 1.3 endpoints only. The LTI 1.3 endpoints are using these variables in accordance with the documentation here (specifically in tool launches and using the Names and Roles Provisioning Service). In general, LTI endpoints are used by tools, typically created by third parties, which are authorized via the creation of LTI developer keys. Institutions working with standard API keys and not LTI keys (when setting up under Developer Keys in the admin menu) are not impacted.
The affected fields are:
- com.instructure.OriginalityReport.id
- com.instructure.Submission.id
- com.instructure.File.id
- Canvas.account.id
- Canvas.rootAccount.id
- Canvas.root_account.id
- Canvas.root_account.global_id
- Canvas.shard.id
- com.instructure.Group.id
- Canvas.course.id
- Canvas.externalTool.global_id
- Canvas.assignment.id
- Canvas.assignment.pointsPossible
- Canvas.assignment.allowedAttempts
- Canvas.assignment.submission.studentAttempts
- Canvas.user.id
- Canvas.user.globalId
- User.id
- Canvas.file.media.duration
- Canvas.file.media.size
- Canvas.masqueradingUser.id
- Canvas.moduleItem.id
2022-05-25
Announcement date: 2022-02-16
Authentication
An unauthorized response from the JSON API will return a 403 (Forbidden) instead of a 401 code, to be more in line with HTTP standards. Additionally, localization of the “status” field in unauthenticated or unauthorized JSON errors is deprecated; the status will always be given in English.