Skip to main content
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Canvas Platform Breaking Changes

Canvas Platform Breaking Changes

The breaking changes page displays a comprehensive list of all deprecation removals noted in the Canvas API Change Log , GraphQL API Change Log, or Canvas Platform Change Log. Logs can be located in the Canvas Log Archive by Year.

Canvas may deprecate API elements according to the timelines indicated in the Canvas API Policy page.

The heading date indicates the date that the intended code will be removed from the production environment.

Subscribe this document for content updates. To learn how, see Help: Subscriptions

 

2023-09-16

Announcement Date: 2023-06-23

Beta Availability: 2023-08-21

ResourceLink.id substitution parameter update

ResourceLink.id substitution parameter supplies a resource link’s ‘resource_link_uuid’ instead of the ‘resource_id.' 

Note: The resource_llink_uuid is a platform supplied value, whereas resource_id is provided by the external tool. This aligns with LTI specifications.

 

2023-06-20

Announcement Date: 2023-06-23

Deprecation of oembed_retrieve LTI 1.1 endpoint [Delayed as of 2023-05-15]

For more information, please see Upcoming Canvas Changes.

The oembed_retrieve endpoint is removed to improve compliance and security. Other available endpoints can be used to achieve the same functions. 


Note: At the time of this announcement, Product Managers are in contact with third-party tools in preparation for this deprecation. No action is needed by administrators at this time.

 

2023-05-20

Announcement Date: 2023-04-03

Beta Availability: 2023-04-03

Deprecation of 302 Error redirect for oAuth Token Errors

When client authentication fails or is invalid with POST to /login/oauth2/token, a 400 error returns instead of a 302 redirect for oAuth token errors.

Note: The authentication endpoint is not affected.

 

2023-04-15 [Delayed as of 2023-04-03]

Announcement Date: 2023-01-17

Beta Availability: 2023-03-20

Deprecation of 302 Error redirect for oAuth Token Errors

When client authentication fails or is invalid with POST to /login/oauth2/token, a 400 error returns instead of a 302 redirect for oAuth token errors.

Note: The authentication endpoint is not affected.

 

2022-10-15

Announcement date: 2022-06-08

Deprecation of Numerical Variable Substitutions in LTI 1.3 Launch

Certain variable substitutions in custom claim for the LTI 1.3 launch were identified as containing numerical values rather than string values as required by the specification. These numerical variable substitutions will be deprecated and changed to string values on 2022-10-15. The feature flag, Returns String Values Instead of Numeric Values in Variable Substitutions controls this change and can be used in individual environments to test and determine if this will be an issue for your tool.

Note: This change affects LTI 1.3 endpoints only. The LTI 1.3 endpoints are using these variables in accordance with the documentation here (specifically in tool launches and using the Names and Roles Provisioning Service). In general, LTI endpoints are used by tools, typically created by third parties, which are authorized via the creation of LTI developer keys. Institutions working with standard API keys and not LTI keys (when setting up under Developer Keys in the admin menu) are not impacted.

The affected fields are:

  • ​​com.instructure.OriginalityReport.id
  • com.instructure.Submission.id
  • com.instructure.File.id
  • Canvas.account.id
  • Canvas.rootAccount.id
  • Canvas.root_account.id
  • Canvas.root_account.global_id
  • Canvas.shard.id
  • com.instructure.Group.id
  • Canvas.course.id
  • Canvas.externalTool.global_id
  • Canvas.assignment.id
  • Canvas.assignment.pointsPossible
  • Canvas.assignment.allowedAttempts
  • Canvas.assignment.submission.studentAttempts
  • Canvas.user.id
  • Canvas.user.globalId
  • User.id
  • Canvas.file.media.duration
  • Canvas.file.media.size
  • Canvas.masqueradingUser.id
  • Canvas.moduleItem.id

 

 

2022-05-25

Announcement date: 2022-02-16

Authentication

An unauthorized response from the JSON API will return a 403 (Forbidden) instead of a 401 code, to be more in line with HTTP standards. Additionally, localization of the “status” field in unauthenticated or unauthorized JSON errors is deprecated; the status will always be given in English.

Labels (2)
Was this article helpful? Yes No
Embed this guide in your Canvas course:

Note: You can only embed guides in Canvas courses. Embedding on other sites is not supported.