Showing results for 
Search instead for 
Did you mean: 
Community Team
Community Team

All things API

Have a question about the Canvas APIs? Have a cool API integration you'd be willing to share? If so, please post here.

Labels (1)
Tags (1)
271 Replies

Thanks, Scott. No worries. If you or others happen to know of threads or examples that illustrate the use of the API and Pandarus, I would appreciate it.



Jacques Hugon

Instructor, Math and Computer Science

Phillips Academy, Andover<>

P: 781.899.4939

C: 781.249.3421



As far as I know there is not a preferred way to test a token. I also use PHP and cURL and have followed a similar course to verify tokens. I typically use this functionality in course level LTI tools. After launch I run a basic GET request to get information about the course. One of the only differences that I use is that I look for the existence of ['errors'][0]['message'] not really looking at the specific message text. I have used that method for the last year or so and have not had any issues with changes.

Hopefully that helps.

Hi Deactivated user​,

Sadly I am not going to be much help with your Ruby questions due to the fact that all of my Canvas API development experience is through PHP and learning Ruby is still an item on my goal list. But I might be able to offer some suggestions with the others. As a quick disclaimer, I only briefly played with the quiz API two years ago (when I was starting to learn the API) and it is easily the most complex and involved APIs I have ever tried to use (and all I was trying to do was to duplicate an existing quiz). With that said let's look at your other questions:

Question 3

In order to embed an image in a test question you will probably need to do something like the following:

  1. Upload the image
    • When the image is uploaded it is placed in a queue and the API will response will include a "status_url" that you will need to ping until you get an "upload_status" of "ready".
    • When you get the "ready" response you can then get the ID of the file
    • Alternatively you could use list the files for a given course, user, group or folder and retrieve the ID that way.
  2. Create the question
    • The question text should accept html so for the image you will need to write something like
      <img src="/courses/{course_id}/files/{file_id}/preview" alt="Something describing the image" />
    • The {course_id} will match the course you are loading the image into and the {file_id} is what you retrieved in step 1
    • Alternatively you could host the images elsewhere and just add a link to that external image, just make sure it is secure so that browsers won't block it (https).

Question 4

Based on Canvas' built in method for creating quizzes, I am pretty sure that the answers can only contain text.

Hopefully this helps

Thanks, Ken. Your suggestions for question 3 make great sense. I had missed the fact that I could embed an image “preview” pointing to a local file in the HTML. Given that the pictures are already stored in an online database with unique secure URLs, your suggestion to simply include a link to these images may be easier to implement (and DRYer as well) than uploading the files for each quiz in each section of each course.

Question 4: Thanks, I expected this was the case.

Much appreciated!



Jacques Hugon

Instructor, Math and Computer Science

Phillips Academy, Andover<>

P: 781.899.4939

C: 781.249.3421


Actually, it does help, especially the part about it working for over a

year! Thanks.

Becky Kinney

Academic Technology Services

Project Blog <>

On Thu, May 14, 2015 at 12:33 PM, Kenneth Larsen <>

Community Member

What's the best way to let Instructure know about a bug (or something that appears to me to be a bug) in the API?  I have been experimenting with creating quizzes, which means using parts of the API that are still in beta.  I want to report bugs as I find them, not because I expect them to be fixed right away but just in case the information is helpful to developers.

I've submitted a few tickets through the general Canvas help center, but that means extra work for the admin people at my institution (who filter tickets so that Instructure only gets what seem like genuine errors).  It seems like it would create extra work for Instructure also, although I don't really know how many steps are involved in getting from support techs to developers.

Canvas answers have been upgraded to permit html. I've tested it, and images work fine. There is a tricky bit when pulling questions out of the API, though, and presumably also when pushing them in. The documentation says that answer-specific feedback will be provided in the answer array as ['comments'], but new question feedback is now coming in as ['comments_html']. Answers themselves might be found in ['text'] or in ['html'], so you need to check both. In general, it is a good idea to triple-check the results of an API call rather than trust the documentation. Even endpoints that are not in beta are not entirely stable. That's not too surprising given the rate at which Instructure is pushing Canvas forward. Still, it would be a huge help to me if the documentation would keep pace, and better still if there were a mailing list that consistently notified developers every time the API changes.

Community Coach
Community Coach

That's a good question. We've been doing the same thing as you - IT person submits a ticket, I escalate it, Canvas support takes a look, and hopefully escalates it to the right person/people - but if there is a better or more efficient way of doing things we'd be happy to do it!

Hi owen​ and​,

Filing a ticket and escalating it really is the most efficient process.  You are correct; it does mean work for everybody but that is the best way to get an issue or a bug into the tracking system so our engineers can address it.

Hi Becky,

I don't check the error message content either, but here's what I do to check the validity of the tokens we store locally, according to this doc: Canvas LMS REST API Documentation (See the paragraph under "Storing Tokens".)  I make a GET call and look in the HEADER.  If the status is "401" and WWW-Authenticate is set (not blank, when status is 200, you don't get WWW-Authenticate), then I go ahead and re-get the user's access_token to store.  (This is what I get in the header, when token is invalid:

Status=401 Unauthorized, WWW-Authenticate=Bearer realm="canvas-lms", but I still just check that I get a non-null/non-blank WWW-Authenticate.)

We've only had our tools running for about three months since we're relatively new using Canvas, but this has been working for us.   If anyone has corrections or better ways to validate access_tokens, I'd love to know, too!