[ARCHIVED] Developer key or data access token?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How does a developer key differ from a data access token for accessing the API?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi John,
Sorry for the delay on a response. Hopefully this information is more helpful:
Right now an external tool has two ways it can get an API key for a Canvas user. First, the external tool can ask the user to generate one manually in the user's profile, and copy and paste it into their application somewhere or. The second way is for the external tool to use a developer key to ask for one, server to server. In this server scenario, a user who starts the app or launches it from within Canvas will see a screen where "Tool ______ is requesting access to your account." Once the user selects the Authorize button, Canvas issues an API token for that user to the application. This second method is preferred and more secure due to the api token never been placed in a web page or put somewhere it could be easily intercepted or compromised.
Thanks,
Erin
This discussion post is outdated and has been archived. Please use the Community question forums and official documentation for the most current and accurate information.