Search

HeatherAhern · ‎12-22-2022

...Example query: {{BASE_URL}}/dap/query/catalog/table/orders/data The schema of the table can be queried via: {{BASE_URL}}/dap/query/catalog/table/orders/schema Those users will have Catalog d...

The Change Log Archive page displays previous API changes from 2023 noted in the API Change Log. The heading date indicates the date that the API code was made available in the production environment.

[2021-08-17 Update]
Please note upcoming changes to Canvas APIs: From the Engineering Deck: Instructure & GraphQL

2023-12-16

Announcement date: 2023-11-10

CD2 Breaking Change

Please see Phase 1 released 2023-11-22.

Major schema changes are coming.

Table	Column	Changes	Description
web_logs	user_agent_id	Phase 2: Column is removed.	HTTP methods used in the Canvas API.
user_agents	Full table	Phase 2: the table is removed completely. No queries possible after 16 December, 2023.

2023-11-22

Announcement date: 2023-11-10

Changes

LTI Advantage API calls, which encompass any API request initiated by an LTI 1.3 tool, such as those involving the Assignments and Grades Service, respond with an HTTP 404 Not Found status code in cases where the subject of the call, typically a course, has been deleted. This behavior aligns with the standard practice observed in the Canvas API, where the call is prevented from continuing under such circumstances.

CD2 API and CLI Updates

In order to improve stability and performance, some major revisions are triggered to the weblogs and user_agent tables, thus the following improvements and schema changes are introduced.

The schema version of the tables below will be increased.

Table	Column	Changes	Description
web_logs	New: user _agent, type <string>	Introducing a new column: user_agent, type <string> The maximum length of the string is 255. Any user agent longer than 255 characters will be replaced by the “__dap_oversized_truncated__" string literal.	User agent, as the header received from the user's browser/client software.
web_logs	user_agent_id	Phase 1: Will populate the user_agent_id field with NULL going forward and populate the user_agent column instead.	HTTP methods used in the Canvas API.
user_agents	Full table	Phase 1: stop adding new rows to this table effective 11.10.23.
web_logs	web_application_controller	From ENUM to	The controller that the Canvas web application used to service this request.
web_logs	web_application_action	From ENUM to	The action in the Canvas web application used to service this request.

Note: Customers are strongly encouraged to adjust their existing queries (if applicable) as soon as possible. The user_agents table will be deprecated on 16 December, 2023 and users should switch over to using the new column. In the meantime, in order to avoid hidden inconsistencies in reports which this change may introduce downstream, a similar query to leverage both tables can be used if needed:

SELECT web_logs.*, COALESCE(web_logs.user_agent, user_agents.http_user_agent) AS user_agent

FROM web_logs

LEFT JOIN user_agents ON web_logs.user_agent_id = user_agents.id;

CLI changes: Enhancements to support the user_agent_id related change.

For those who use the CLI tool, it will automatically populate the new user_agent column in the weblogs table with the values from the user_agents table. (Pre-condition: the user_agents table exists in the DB/DW along with the web_logs. If it is not present, the tool will not be able to pre-populate the column).

2024-11-20

Announcement Date: 2024-11-08

Addition

Index of active global notification for the user

Added query parameter include_all which includes all global announcements, regardless of user’s role. Only available to account admins.

2023-11-13

Announcement date: 2023-11-10

CD2 API and CLI Update

The schema version of the tables below will be increased.

Table	Column	Changes	Description
content_tags	context_id	NULLABLE false → true

2023-11-02

Announcement date: 2023-11-02

CD2 API Schema Update

Affected users: Admin

New ENUM values are added to the web_logs table schema. Additionally, the schema changes are backwards compatible.

The schema version of the table is increased.

Table	Column	New ENUM values	Description
web_logs	web_application_controller	smart_search	The controller that the Canvas web application used to service this request.
web_logs	HTTPMethod	MERGE, NOTIFY, MOVE, COPY, UNSUBSCRIBE, MKACTIVITY, SUBSCRIBE	HTTP methods used in the Canvas API.

2023-10-21

Announcement date: 2023-09-18

Addition

Calendar Events

Recurring events in a series have a series_uuid to identify the series it belongs to and an rrrule value that describes the schedule for how the events in the series release. The first event in the series has series_head value that is true.

Create a calendar event

Calendar_event [duplicate][frequency]
Calendar_event [rrule]

Update a calendar Event,

The parameter which description is updated.
Calendar_event [rrule]

Delete a calendar event

The parameter which description is updated.

Media Objects API

PUT /api/v1/media_attachments/:attachment_id/media_tracks
GET /api/v1/media_attachments
GET /api/v1/courses/:course_id/media_attachments
GET /api/v1/groups/:group_id/media_attachments
PUT /api/v1/media_objects/:media_object_id
PUT /api/v1/media_attachments/:attachment_id

Changed

PUT /api/v1/media_objects/:media_object_id/media_tracks
GET /api/v1/media_objects
GET /api/v1/courses/:course_id/media_objects
GET /api/v1/groups/:group_id/media_objects

2023-10-15

Announcement date :2023-09-27

Beta Availability date: 2023-09-29 (Edited on 2023-09-28)

Catalog Data Available in Canvas Data 2

Affected Users: Admin

A new data source is added to Canvas Data 2: Catalog product tables.

As part of this release, a new namespace is introduced: catalog

Tables exposed: See the Data Access Platform documentation page. (Contains foreign key (FK) relations to Catalog and Canvas tables.)

Also see the CD1 to CD2 mapping sheet and the updated Entity relationship diagram (ERD).

Example query: {{BASE_URL}}/dap/query/catalog/table/orders/data

The schema of the table can be queried via: {{BASE_URL}}/dap/query/catalog/table/orders/schema

Those users will have Catalog datasets who are Catalog license owners. All other users will receive empty tables. Additionally, the CLI is prepared to handle Catalog tables. See the Client Library release notes below for more details.

Important: At this stage, the release is labeled as a BETA release, publicly available for anybody to try and provide feedback.

CLI and Python Library improvements

Affected users: Admin

A new version 0.3.14 of the client library is published to PyPI. From this version onwards, the CLI is supporting:

Retrieving datasets (downloading snapshot/incremental query results) from the catalog namespace.
Loading the downloaded datasets into a Postgres DB under the catalog namespace.
Loading the downloaded datasets into a MySQL DB by adding the catalog prefix to each (i.e. catalog__order), in order not to overlap with Canvas or other tables in the future. (The namespace as a prefix is only added for the catalog tables).

Example: dap --initdb --connection-string mysql://scott:password@localhost/testd --namespace catalog --table orders

The default namespace in the CLI is canvas. In case the namespace is not defined, it is assumed that a canvas table is requested. Nevertheless, users are encouraged to consistently add the namespace in the commands as a best practice, to explicitly define to which product the queries refer to.

Important: At this stage, the release is labeled as BETA release, publicly available for anybody to try and provide feedback.

2023-10-11

Announcement date: 2023-09-29

Addition

Assignment Overrides

The API override title includes Course Pacing when applicable.

2023-09-27

Announcement date: 2023-09-27

CD2 API schema changes

Affected Users: Canvas Admins

New ENUM values are added to the web_logs table schema.

The schema changes are backwards compatible.

The schema version of the table will be increased.

Table	Column	Changes	Description
web_logs	web_application_controller	New ENUM values: webhooks, support_helpers/submission_lifecycle_manage, polling/poll_choices, polling/poll_submissions	The controller that the Canvas web application used to service this request.
web_logs	web_application_action	New ENUM values: activate_role, add_domain, group_alias, media_object_redirect, rubric_assessments_read_state, show_observer, check_title_availability, pages, open, requeue, course_creation_accounts	The action in the Canvas web application used to service this request.

2023-09-16

Announcement date: 2023-08-21

Changed

Create/link an Outcome and Update an Outcome- PFS-19845

API accepts decaying_average as a calculating method. Similarly, when queried, api shows decaying_average as a calculation method.

Note: Users who were using "decaying_average" when setting up new outcomes through the API are now using the updated standard decaying average.

Addition

Create/link an Outcome and Update an Outcome- PFS-19845

API accepts weighted_average as a calculating method. Similarly, when queried, api shows weighted_average as a calculation method.

Outcomes Import Format Documentation

When importing an outcome via CSV, the new weighted average calculation remains labeled as decaying_average and the new decaying average is added as standard_decaying_average.

2023-08-30

Announcement date: 2023-08-18

Addition

SIS Import Format Documentation

Diffing Mode documentation had the following addition:

Likewise users removed between diffed batches can be marked as 'suspended' if the diffing_user_remove_status is set to suspended. If you prefer to leave removed objects alone in diffed imports, pass skip_deletes=true instead of either of these (this will apply to all object types, not just users and enrollments).

Related idea: [SIS] Treat missing users as "suspended" rather than "deleted" when Diffing

2023-08-23

Announcement date: 2023-08-23

CLI release version 0.3.11

Affected User: Canvas Admins

The Python Client Library and CLI will support the MySQL database protocol dialect.

Notes:

This tool, similarly to the PostgreSQL, requests the data in JSON format, and uses the prepared statement of INSERT … ON CONFLICT … DO UPDATE SET to insert (or on conflict, update) the data in the database.
Internally, it depends on Python libraries SQLAlchemy (which provides an object-relational mapping) and aiomysql.
Warning: aiomysql is classified as being in alpha development status. Instructure cannot assume responsibility for any potential changes or consequences resulting from its usage.
To update your CLI to this new version use the following command: pip3 install instructure-dap-client --upgrade --upgrade-strategy=eager

The tool will work with the following commands:

init_db (to populate an empty (MySQL) database from a snapshot),
sync_db (to insert new, delete, and update existing records returned by the incremental query)
drop_db (delete the table from the database which was previously created with init_db).

Typically, the connection string looks as follows:
dialect://username:password@host:port/database

CLI examples for loading data to a MySQL DB:

dap initdb --help

Example: dap initdb --db-connection-string mysql://username:password@host:port/database --namespace canvas --table accounts

dap syncdb --help

Example: dap syncdb --db-connection-string mysql://username:password@host:port/database --namespace canvas --table accounts

dap dropdb --help

Example: dap dropdb --db-connection-string mysql://username:password@host:port/database --namespace canvas --table accounts

Alternatively, one can choose to store the connection string in environmental variables. For more details please see the CLI documentation.

2023-08-16

Announcement date: 2023-08-10

Addition

Create a login

The Create a login API is expanded to allow accounts with trust relationships to add logins to a existing users in another trusted account, like the SIS Import login.csv process already allows for, by adding the following fields:

existing_user_id
existing_integration_id
existing_canvas_user_id
root_account

2023-08-07

Announcement date: 2023-08-07

CD2 API schema changes

Affected User: Canvas Admins

New ENUM values are added to the web_logs as well as user_agents table schema.

The schema changes are backwards compatible.

The schema version of both tables will be increased.

Table	Column	Changes	Description
user_agents	http_user_agent	NULLABLE false → true	The user agent string sent by the HTTP client.
web_logs	web_application_controller	New ENUM values: api/v1/provisions, eportfolios_api, live_assessments/assessments, live_assessments/results	The controller that the Canvas web application used to service this request.
web_logs	web_application_action	New ENUM values: add_sftp_key, stuck_singletons, stuck_strands, summary_list, unconfirmed_channel_report, unstuck, health_prognosis	The action in the Canvas web application used to service this request.
web_logs	http_methods	New ENUM values: MKCOL, PROPPATCH, CHECKOUT, UNLOCK	N/A

2023-08-02

Announcement date: 2023-07-21

Changed

Outcomes Import Format Documentation

The following descriptions are updated:

Calculation_method
Calculation_int
Mastery_points
ratings

Update a course

When the Manage a Course Content-add/edit/delete permission is disabled, users can no longer make changes to course settings via the API. This improves parity between the UI and the API.

2023-07-19

Announcement date: 2023-07-10

Users API

Addition

First_name and last_name are added to the Users API response by default.

2023-07-17

Announcement date: 2023-07-17

CD2 API schema changes

Affected User: Canvas Admins

New ENUM values are added to the web_logs table schema.

The schema changes are backwards compatible.

The schema version of the table will change from 1 to 2.

Table	Column	New ENUM values	Description
web_logs	web_application_controller	'jobs_v2', 'assignment_extensions', 'internal_analytics_dashboards_api', 'blackout_dates', 'internal_analytics_api', 'disable_post_to_sis_api', 'lti/token', 'moderation_set', 'alerts', 'account_grading_settings', 'outcomes_academic_benchmark_import_api', 'quizzes_respondus/security', 'support_helpers/due_date_cache', 'sftp_users', 'lti/subscriptions_api', 'jobs', 'lti/ims/tool_consumer_profile', 'quizzes/course_quiz_extensions', 'oauth_proxy', 'lti/ims/tool_proxy', 'grading_schemes_json', 'login/twitter', 'polling/polls', 'login/oauth', 'new_quizzes/quizzes_api', 'polling/poll_sessions', 'phone_home', 'demo_snapshots'	The controller that the Canvas web application used to service this request.
web_logs	web_application_action	'mark_all_as_read', 'list_google_docs', 'abort_all_pending', 'landing', 'reset', 'readiness', 'department_statistics_by_subaccount', 'invite', 'android_assetlinks', 'api_create_success', 'remove_alignment', 'restore_states', 'batch_retrieve', 'attachment_content', 'manage', 'closed', 'redirect_proxy', 'lookup', 'xml_schema', 'submissions_clear_unread', 'quota', 'advantage_access_token', 'delete_recording', 'migration_status', 'job_stats', 'delete_for_all', 'formatted_answer', 'get_courses', 'list_keys', 'mark_topic_unread', 'self_enrollment', 'test_ldap_bind', 'compress_dates', 'reset_verifier', 'deleted_index', 'outcome_result', 'preview_html', 'available', 'section_alias', 'clusters', 'start', 'internal_analytics', 'detail_list', 'update_sso_settings', 'item_details', 'multiple_gradeable_students', 'consortium_users', 'restore_user', 'disable_post_to_sis', 'batches', 'show_default_grading_scheme', 'turnitin_confirmation', 'list', 'grouped_info', 'fail', 'apple_app_site_association', 'universal_link_oauth2_dummy', 'test_ldap_connection', 'copy_course_status', 'deep', 'store', 'test_ldap_search', 'stop_debugging', 'registration_return', 'media_upload_url', 'opened', 'object_snippet', 'update_region', 'for_login', 'for_grader', 'set_csp_setting', 'test_ldap_login', 'api_file_status', 'clear_file_session', 'restore_message', 'message_redirect', 'prestart', 'add_users', 'category_index', 'resubmit_to_vericite'	The action in the Canvas web application used to service this request.

2023-07-05

Announcement Date: 2023-06-23

CLI and Python Library improvements

Affected User: Canvas Admins

CD2 API and CLI: new data source added, release contains the Canvas Apache weblog requests.

Due to this, a new namespace will be introduced: canvas_logs

Tables exposed: web_logs, user_agent

Example query: {{BASE_URL}}/dap/query/canvas_logs/table/web_logs/data

The schema of the table can be queried via: {{BASE_URL}}/dap/query/canvas_logs/table/web_logs/schema

Note to the user: as this table contains append only data, it can be very big, so we encourage the usage of incremental queries as opposed to snapshots whenever possible.

The CLI 0.3.9 version is prepared to handle this table and load it into a Postgres DB.

CD2 CLI release: 0.3.9

The Client Library will adopt an extensible plugin architecture. Integrations to various database engines would become plugins. This move opens up the opportunity to contribute integrations for other database engines in the future, e.g. add Oracle, MSSQL, MySQL or SQLite support in addition to PostgreSQL support that exists today. With the version 0.3.9 release, PostgreSQL support has been re-written as a plugin but remains bundled with the Client Library package. While the Python class interfaces may be subject to change, early adopters are welcome to explore the solution and leave feedback as we solidify the plugin framework.

Additional changes, and improvements:

Added support for converting new data types, among which the UUID conversion is affecting the current schema (see known issues)
Added keep-alive settings for the client to avoid possible timeout in some cases when transferring files over http
Improved exception handling

2023-06-21

Announcement Date: 2023-06-09

API Addition

Save enabled account calendars

Enabled_account_calendars[]- This addition displays only visible account calendars where the user has a user-account association and only calendars a user has added to the modal.

CLI and Python Library improvements

Affected User: Canvas Admins

A new version 0.3.8.2 of the client library is published to PyPI. It’s more lenient when it’s receiving timestamp values that don’t fully comply with RFC 3339 and ISO 8601. If the timestamp looks like a BCE date, it is replaced with 1 CE (the minimum possible date representable in the four-digit format). If the timestamp looks like a large CE date (e.g. 23000 CE), it is replaced with 9999 CE (the maximum possible date representable in the four-digit format).

Note to the user: To see which values were adjusted, enable the logging of these values into a log file with the newly introduced logfile command. Please note that it will collect all logs, not just the clamped values.

Example: dap --logfile cd2_cli.log initdb --connection-string postgresql://scott:password@localhost/testd --namespace canvas --table accounts

Details of each timestamp correction can be found in the logs by searching for “Timestamp format error encountered”.

Starting at version 0.4.0, the Client Library will adopt an extensible plugin architecture. Integrations to various database engines become plugins, the first plugin being PostgreSQL support. This move opens up the opportunity to contribute integrations for other database engines in the future, e.g. add Oracle, MSSQL, MySQL or SQLite support.

Note to user: Python programming interface changes slightly, command-line interface is not impacted.

CD2 API and CLI: new data source added, release contains the Canvas Apache weblog requests.

Due to this, a new namespace will be introduced: canvas_logs

Tables exposed: web_logs, user_agent

Example query: {{BASE_URL}}/dap/query/canvas_logs/table/web_logs/data

The schema of the table can be queried via: {{BASE_URL}}/dap/query/canvas_logs/table/web_logs/schema

Note to the user: as this table contains append only data, it can be very big, so we encourage the usage of incremental queries as opposed to snapshots whenever possible.

The CLI is prepared in an upcoming version to handle this table and load it into a Postgres DB.

2023-06-17

Announcement date: 2023-03-20

Changes

LTI Tools launched from New Quizzes can communicate with Canvas via postMessage

To utilize the frame size portions of the postMessage API when embedded in the New Quizzes Rich Content Editor, LTI tools using postMessage API must send messages to window.parent. Previously messages were sent to window.top.

2023-06-07

Announcement Date: 2023-06-01

Addition

Accounts API

List active courses in an account

Added parameter: public-If true, include only public courses. If false, exclude them. If not present, do not filter on this basis.

2023-05-24

[2023-05-23 Update: 416 error code is changed to 400 error code and a note is added to Context_module_progressions.]

CD2 CLI and Client Library Improvements

Affected Users: Admin

Using syncdb is possible even if the schema of the table hosted in CD2 evolves. If the client library detects a mismatch between the locally stored schema version and the schema version exposed by CD2, the table structure of the local database is updated to match the current structure of the data in CD2.

In addition, this release delivers the following minor improvements:

Improved error reporting (e.g. on missing environment variables for parameter-less DAPClient intializer)
Better alignment of client-side and server-side error definitions
Improved logging (use Python logger instance specific to the library)
Improved integration with static type checkers (e.g. mypy)

Note: users can upgrade to version 0.3.8 by executing the command: pip3 install instructure-dap-client --upgrade --upgrade-strategy=eager

CD2 API schema changes

Affected Users: Admin

Note: Due to the schema change, the access to the tables may be restricted while the changes take effect. Once the schema change is complete, there is no action item for the user unless a Status code 400 is received. In this case they will have to drop the table and request a new snapshot, as indicated by the error message.

We are going to add new columns to some already existing tables and make a few more necessary changes.

The schema changes are backwards compatible.

Table	New column	Type	Description
attachments	root_attachment_id	integer <int64>	Foreign key to the source file from which this file was copied and created. Defaults to 'NULL' when this is the only copy.
groups	default_view	string	Default view for groups is the feed.
context_module_progressions Note: Due to reload in the data lake, table must be dropped in the database and a new snapshot is triggered.	lock_version	integer <int32>	Lock version of the module progression.
quiz_questions	question_data.points_possible	number <float64>	Maximum number of points that can be awarded for answering the question correctly.

Table	Column	Change
learning_outcome_results	artifact_type	NULLABLE false → *true*
assignments	submission_types	enum extended with default_external_tool

2023-05-10

Announcement date: 2023-04-28

Canvas Data 2 API Specification

DAP Client Library Version 0.3.7 Update

Affected Users: Admin

CD2 CLI version 0.3.8 is published to PyPI. This release:

fixes a bug in the command syncdb whereby an INSERT … ON CONFLICT DO NOTHING would be executed instead of a DO UPDATE SET, causing updated records to be discarded in a synchronization process.
improves execution speed for column-level type and format conversions.
automatic schema upgrade for the replication target database

All users are strongly encouraged to update. Previous versions of the 0.3.x series will no longer be available.

Note for admin: Users of previous client library versions should issue a dropdb, followed by an initdb for all replicated tables to reconcile their local database with CD2. After this, it’s safe to issue a syncdb command in the new client library version 0.3.7. Commands snapshot and incremental are not affected.

Changed

Line Item/Result URLs are Unique with Multiple Subdomains

Announcement date: 2023-05-09

In Account Settings, the account’s primary domain found under the Canvas Cloud information header is used to generate third-party resource links. Previously, third-party tools who stored resource links on their side experienced an issue with institutions that had multiple domains. Those same resources could have had multiple IDs, one for each domain used.

Note: This does not require any action from the institution or the third-party tool, and will ensure that only one unique ID is created per resource.

The affected values are:

The URLs in the AGS claim in LTI 1.3 launch, as described by Learning Tools Interoperability Assignment and Grade Services Version 2.0 | IMS Global Learning Con....
The URLs used as IDs returned in the various AGS endpoints, such as the "id" in Learning Tools Interoperability Assignment and Grade Services Version 2.0 | IMS Global Learning Con....
The NRPS claim within the LTI 1.3 launch.
The URL used as an ID field in the NRPS endpoints. For examples see the Learning Tools Interoperability Names and Role Provisioning Services Version 2.0 | IMS Global Learn....

2023-04-26

Announcement Date: 2023-04-14

Addition

Configuring LTI Tools

Canvas_environment to LTI 1.3 Login request

Affected Users: Developers

For LTI 1.3 tool developers, the LTI 1.3 login initiation request now contains the new “canvas_environment” parameter, with possible values “prod”, “beta”, and “test”. Tools can use this to decide whether to redirect to a beta/test version of the tool before continuing with the LTI launch.

Note: This replaces the “environments” config option for LTI 1.1 tools, since setting that option on 1.3 tools was not officially supported and resulted in failed 1.3 launches in non-prod Canvas environments.

For more technical information about using this feature, please see our Configuring LTI Advantage Tools API resource document.

Note for Admin: No action is needed, and there is no change to current behavior. Tools can choose to support this for their own development purposes.

Related Idea: [External Tools] Support environment variables for LTI 1.3

Updated 2023-04-20

Changes

Canvas Data 2 API Specification

DAP Client Library Version 0.3.6 Update

Affected Users: Admin

Enumeration types. Commands initdb and syncdb would create PostgreSQL enumeration types omitting the placeholder member “__dap_unspecified__”. Initialization and synchronization for tables that have columns of an enumeration type would fail when this value is received, now or in the future. Users should drop and re-create any tables that have enumeration types created by older versions.
Improved error reporting. Occasionally, Instructure API Gateway responds with an unexpected HTML payload instead of a JSON message that can de-serialize into a well-known type. This response is not understood by the client library, which throws an error. Error handling has been improved to give a more meaningful message to the user.
Stability improvements. Occasionally, the client library would fail on a timeout, printing a cryptic message to the user. The likelihood of these timeouts has been reduced.
Improved documentation. Code and documentation have drifted, they have been reconciled. New Python code examples have been added on how to initialize a local database, and keep it synchronized with data in CD2. (Previously, this functionality was undocumented.)
Improved execution speed. Removed extra layers of function calls and object instantiations in tight loops that are executed for each record as they are copied from CD2 to a relational database.
Improved error reporting. Some noisy warning messages that corresponded to no real error have been removed.

All users are encouraged to update (type in pip3 install instructure-dap-client --upgrade --upgrade-strategy=eager to receive the latest version of both the client library and all dependencies). Previous versions in the 0.3.x series are no longer available.

2023-04-15

Announcement date: 2023-03-20

Additions

New Quizzes

New Quiz CRUD Operations Endpoints

New API quiz related endpoints (create, get, list, update, and delete a quiz) have been added.

Note: Quiz Item related endpoints will be released at a later date. Additionally, at the time of this announcement there is a known issue when creating a course and trying to create a New Quiz with the API without launching any New Quizzes on the UI, users will receive an error. The workaround is to create and build one New Quiz in the course. This should be resolved before the production release.

For more information, see the New Quizzes quiz operations API in beta blog.

Announcement Date: 2023-03-28

New Quizzes

New Quiz Item CRUD Operations Endpoints

New API quiz item related endpoints (get, list, create, update, delete a quiz item) have been added.

Note: Beta Availability date is 2023-03-30

2023-04-12

CLI Update

Announcement Date: 2023-04-05

Version 0.3.1 to DAP Client Library and CLI includes:

fixes a regression with incremental queries where interchanged use of naive and timezone-aware datetime instances in library code can cause updates to be missed with non-UTC timezones
fixes documentation of public-facing member functions where the functions had wrong or misleading doc-string summary and/or parameter descriptions
fixes a race condition in synchronizing a local database in which the same objects were manipulated both in a synchronous and an asynchronous context with the risk of data loss
introduces new package dependencies aiohttp and aiofiles for asynchronous data processing
removes direct package dependency on requests

2023-02-15

Announcement date: 2023-02-03

Changed

Line Item/Result URLs are Unique with Multiple Subdomains

In Account Settings, the account’s primary domain found under the Canvas Cloud information header is used to generate third-party resource links. Previously, third-party tools who stored resource links on their side experienced an issue with institutions that had multiple domains. Those same resources could have had multiple IDs, one for each domain used.

Note: This does not require any action from the institution or the third-party tool, and will ensure that only one unique ID is created per resource.

The affected values are:

The URLs in the AGS claim in LTI 1.3 launch, as described by Learning Tools Interoperability Assignment and Grade Services Version 2.0 | IMS Global Learning Con....
The URLs used as IDs returned in the various AGS endpoints, such as the "id" in Learning Tools Interoperability Assignment and Grade Services Version 2.0 | IMS Global Learning Con....
The NRPS claim within the LTI 1.3 launch.
The URL used as an ID field in the NRPS endpoints. For examples see the Learning Tools Interoperability Names and Role Provisioning Services Version 2.0 | IMS Global Learn....

Added

Course Pacing API

Course Pacing Endpoints

Course Pacing API documentation for the course pace endpoints has been added.

Note: Section pace endpoints are not documented at the time of this change log release.

2023-01-04

Changed

SIS Imports API

Shorten Duration of SIS Error Attachment

The errors_attachment URL generated in the response of the /api/v1/accounts/:id/sis_imports API has been reduced to one hour. If the download URL is expired, an authenticated user can regenerate a new URL by using sis_imports API endpoint again.

View 2022 Canvas API Change Log Archive

Subscribe to this document for content updates. To learn how, see Canvas Change Log FAQ

Naomi · ‎09-11-2024

...pplications or created manually. Using the Canvas API allows the access token holder to access the same Canvas resources that you can access. For example, third-party applications, including devices you h...

You can manage API access tokens from your User Settings. Access tokens provide access to Canvas resources through the Canvas API. Access tokens can be generated automatically for third-party applications or created manually.

Using the Canvas API allows the access token holder to access the same Canvas resources that you can access. For example, third-party applications, including devices you have used to open the Canvas Student app, are authorized to access Canvas on your behalf. For more information on using the Canvas API, view the Canvas API documentation.

Note: If you are an admin, you can limit the ability to manage access tokens to admins only. Learn about the Admin Manage Access Tokens account feature option in the Canvas Feature Option Summary resource document.

Please accept the cookie policy before viewing this external content.

Open User Settings

In Global Navigation, click the Account link [1], then click the Settings link [2].

View Access Tokens

Third-party applications with access tokens and user-generated access tokens are listed in the Approved Integrations section [1].

For each access token, you can view the name [2], purpose [3], expiration date [4], and date of last use [5].

Note: Mobile access tokens are generated for you when you log in to a Canvas mobile app and never expire. To remove access for a mobile application, the access token must be deleted.

Add Access Token

To manually add an access token, click the Add New Access Token button.

Note: If the Add Access Token button is unavailable, your institution may allow only admins to generate access tokens. If you are an admin, you can learn more about the Admin Manage Access Tokens account feature option in the Canvas Feature Option Summary resource document.

Add Token Details

Enter a description for your access token in the Purpose field [1]. You can select an expiration date by clicking the Expiration date field or the Calendar icon [2]. You can also select an expiration time from the Expiration time drop-down menu [3]. To generate a token with no expiration, leave the expiration fields empty.

To generate a new access token, click the Generate Token button [4].

View Access Token

View the token description [1]. To view details for the token, click the details link [2].

View Token Details

The access token details include a token that can be used to make API calls on your behalf [1].

To regenerate an access token, click the Regenerate Token button [2].

Delete Access Token

To delete an access token, click the Delete icon.

Confirm Deletion

To confirm the deletion, click the OK button.

swynn · ‎06-24-2022

Quickstart: Issuing Open Badges with the Canvas Badges API Here are some guided examples through which you can learn how to use the Canvas Badges API by showing you h...

Quickstart: Issuing Open Badges with the Canvas Badges API

Here are some guided examples through which you can learn how to use the Canvas Badges API by showing you how to authenticate, create an Issuer, define a BadgeClass, and issue an Assertion. There are many more things that you can do with the Canvas Badges API. See full Canvas Badges API Docs (US region) for a list of endpoints.

Regional Environments

We support servers in various regions as well as a test server. The UI domain and API domain vary based on which server you are using. Please review the domains for Canvas Badges environments around the globe. We use the US domain as a default in our documentation so be sure to substitute the proper domain if you are not using the US production servers.

Authentication

Canvas Badges uses OAuth2 for most operations. As an API client user, you may obtain an OAuth2 Bearer Token on behalf of your own Canvas Badges user account using a password-based grant, or you can obtain such auth tokens on behalf of many users by registering your own Connected App. See more about registering for an app key and secret here.

Obtaining a Token

This guide will focus on getting started quickly, so we’ll use a password-based grant on Canvas Badges’s US-based free hosted service, or use a different region as described above. Request authentication by making a POST request to https://api.badgr.io/o/token with your email address and password as the username and password request parameters. This request may be made with a JSON request body, form-data, or x-www-form-urlencoded.

For example, from cURL: curl -X POST 'https://api.badgr.io/o/token' -d "username=YOUREMAIL&password=YOURPASSWORD"

You’ll receive a document in response like the following:

{

"access_token": "YOURACCESSTOKEN",

"token_type": "Bearer",

"expires_in": 86400,

"refresh_token": "YOURREFRESHTOKEN",

}

Don’t have a password on your account? In order to use the password-based grant, you need to set a password on your account. You might not have one already if you created your account via sign-in from an external identity provider, such as Facebook or Google. You can add a password once signed in from your Profile page. If you don’t yet have an account, sign up for a free one here. You will need a verified email address to access the following APIs, so make sure to complete that step.

Authenticating requests with an OAuth2 Bearer token

Add an Authorization header to each of the subsequent API requests with a value of Bearer YOURACCESSTOKEN, (replacing YOURACCESSTOKEN with the value of the access_token key in the above response).

You may use this token to request any API that your user has access to (the default “scope” you obtained above was very permissive – rw:profile rw:issuer rw:backpack, so it can be used to make any of the API calls your user needs to make).

For example, in a request to retrieve the user’s own profile made from cURL, this header would be set like: curl 'https://api.badgr.io/v2/users/self' -H "Authorization: Bearer YOURACCESSTOKEN"

Response Envelope

All responses from the V2 Canvas Badges API that have a body wrap this body in a JSON response envelope that provides the resulting data of the request as well as metadata about the success or failure of the request. Result is always a list ([]) even when there is only a single entity or no entities in the result.

An example successful response body:

{
"status": {
"description": "ok",
"success": true
},
"result": [
{
"entityId": "g66EErPYSZOyssbD79U3zB"
}
]
}

Each of the entities in the following examples will be returned upon successful creation will have an entityId property that will be used to identify it for subsequent API calls (typically in the request path when creating or viewing related entities).

An example unsuccessful response body:

{
"status": {
"description": "bad request",
"success": false
},
"result": [],
"validationErrors": ["Form-level errors (crossing multiple fields) appear here."],
"fieldErrors": {
"name": ["This field is required."]
}
}

The validationErrors and fieldErrors properties only appear in the document when status.success is false.

Issuer API

Some of the most important API calls that clients make against the Canvas Badges API are to issue badges. Issuing manually via the web interface is great, but in order to scale your badge issuing programs, you’ve got to start automating, and the Canvas Badges API makes it easy. Every badge is awarded by an Issuer, so we’ll start by creating an Issuer Profile, then we’ll define the BadgeClass to award, and finally we’ll award an Assertion of that BadgeClass.

Each of the three requests we’ll start with in this section is a POST request. We recommend using the API in JSON for both request body Content-Type and response body content. By default if you do not specify an Accept: application/json header, JSON will be returned.

Create Issuer Profile

Request Path: /v2/issuers

An Issuer Profile describes an organization or person that awards Open Badges. It is published as the Open Badges Profile https://openbadgespec.org/#Profile class.

Properties:

name is required: string.
description is required: string.
url is required. This should be a fully-qualified URL of a page that describes this issuer/program.
image is optional should be base-64 encoded strings and may only be PNG or SVG. For example, a small PNG image file should appear like this in request bodies that require an image field: "image": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mN0nmxRDwADvgGPapFGzwAAAABJRU5ErkJggg=="
email must be a verified email on the authenticating user’s Canvas Badges account. Get /v2/users/self to retrieve your profile and see your verified email addresses.

Define BadgeClass

Request Path: /v2/issuers/:issuer_entity_id/badgeclasses A BadgeClass is a type of badge that an Issuer may award over and over (creating many Assertions of that BadgeClass, each for a different recipient). See Open Badges Specification: BadgeClass https://openbadgespec.org/#BadgeClass

Properties:

name is required: string.
description is required: string.
image is required and may only be PNG or SVG format. For example, a small PNG image file should appear like this in request bodies that require an image field: "image": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mN0nmxRDwADvgGPapFGzwAAAABJRU5ErkJggg=="
Criteria is required. One or both of criteriaNarrative (a markdown-formatted string) and/or criteriaUrl (a fully-qualified URL of a page representing the criteria for this badge) must be supplied.
tags is optional. If present, it should be a list ([]) of one or more strings;
alignments is optional. If present, it should be a list ([]) of one or more JSON objects that each have these properties:
targetName required, string
targetUrl required, fully-qualified URL string
targetDescription optional, string
targetFramework optional, string (what competency framework name does this alignment target fall under?)
targetCode optional, string (is there a sub-tag under the targetUrl that distinguishes this from other possible targets that you would identify with the EXACT same URL? Only use this if the targetUrl would be otherwise ambiguous.)

Issue Assertion

Request Path: /v2/badgeclasses/:badgeclass_entity_id/assertions

An Assertion is an instance of a BadgeClass (type of achievement recognized by an Issuer) that is awarded to one recipient. There might be many Assertions of a particular BadgeClass that an Issuer has awarded to different recipients. See Open Badges Specification: Assertion https://openbadgespec.org/#Assertion

Properties:

recipient is required, (the only required property) and it must be a JSON object with at least an identity key. Other optional properties of the recipient “IdentityObject” include: type (what type of identifier is identity? Choose between email, telephone, and url); and hashed (boolean, should the identity be hashed in the final Open Badges Assertion?). When you GET the object back from the API, plaintextIdentity, a read-only property appears to show you what your original identity value was in case it is obscured behind the public-facing hash (when hashed == true).
Evidence may be expressed in terms of an overall “narrative” and/or one or more “evidence items”. narrative is an optional property that accepts Markdown-formatted strings. evidence is a property that accepts a list ([]) of JSON objects ({}) that each have a narrative and/or an id (which is a URL to a piece of evidence hosted on HTTP)
Note that image is read-only on this endpoint. The “baked” image will be generated from the BadgeClass image by the server.
issuedOn is optional: you may override the issue date with a date in the past. Expects an ISO8601 formatted datetime stamp including time zone identifier. e.g. 2018-11-26T13:45:00Z (In this case, “Z” stands for “Zulu”, UTC)
expires is an optional expiration date for the Assertion. Same format expectations as issuedOn.
notify is an optional boolean property. Should the recipient be notified by email? (only functions with the email recipient type). Note: for required privacy disclosures, an email notification will be sent to the recipient upon the first award to each email address on a particular Canvas Badges server.

Helpful Links

Back to the App Developers
See the full list of API endpoints at the Canvas Badges API Docs (US region).
Sign up for a free account on Canvas Badges.

matt2 · ‎01-29-2025

...ttp client being used is PowerShell's Invoke-Webrequest cmdlet. An example URI is: https://<domain>.instructure.com/api/v1/courses/47594/enrollments/4381761/reactivate

I'm using the API doc here to attempt to re-activate an enrollment that's in the completed state:

https://canvas.instructure.com/doc/api/enrollments.html#method.enrollments_api.reactivate

I can confirm I'm formulating the URI and the request exactly as documented, but I keep getting a 400: Bad Request error response. Should this work for a completed enrollment?

For reference, the http client being used is PowerShell's Invoke-Webrequest cmdlet. An example URI is:

https://<domain>.instructure.com/api/v1/courses/47594/enrollments/4381761/reactivate

erinhmcmillan · ‎12-04-2020

...List External Tools Endpoint Example response includes is_rce_favorite parameter Get a Single External Tool Endpoint API Response Field includes is_rce_favorite parameter Create an E...

The Change Log Archive page displays previous API changes from 2020 noted in the API Change Log. The heading date indicates the date that the API code was made available in the production environment.

2020-12-16

Additions

Roles API | Create a New Role Endpoint

Added manage_wiki_create, manage_wiki_delete, manage_wiki_update values

2020-12-02

Additions

External Tools LTI Variable Substitutions

Added Context.id.history variable

Canvas Data Services Page

Added Canvas Data documentation

2020-11-18

Additions

Calendar Events API Controller | Get Course Timetable Endpoint

Added events[][title] parameter
- Developer Contribution: Update documentation for CalenderEventsApiController

External Tools LTI Variable Substitutions | Enrollments CSV

In Status field, added deleted_last_completed

Scores API | Create a Score Endpoint

In https://canvas.instructure.com/lti/submission parameter, added submission_at value

Users API | Edit a User Endpoint

Added user[pronouns] parameter

2020-11-04

Additions

External Tools LTI Variable Substitutions

Added com.instructure.Observee.sisIds variable

2020-10-21

Additions

Group Categories API

Added Import Category Groups Endpoint

Group Category Import Format Documentation

Added Group Category Data Format

Modules API

CompletionRequirement Object: added must_mark_done parameter
Create a Module Item Endpoint:

Module_item[completion_requirement][type]: added must_mark_done parameter

Update a Module Item Endpoint:

Module_item[completion_requirement][type]: added must_mark_done parameter

SIS Import Format Documentation | Users.csv

Changed pronouns field to support all pronouns, even if they weren’t previously created in the Account Settings page

2020-10-07

Additions

Accounts API | TermsOfService Object

Added self_registration_type parameter

Submission Comments API

Added Edit a Submission Comment and Delete a Submission Comment Endpoints

Open Source Contribution: Add API endpoints to edit and delete submission comments

2020-09-23

Additions

Assignments API | Assignments Object

Added can_submit parameter (optional)

Removals

Users API

Deprecated Create a User Endpoint (for self-registration only)
Deprecated Self Register a User Endpoint

Initial posting date: 2020-07-01

2020-09-09

Additions

Assignment Group API | Get an Assignment Group Endpoint

Added score_statistics in the include[] parameter

Open Source Contribution: Add score statistics to the assignments API as an 'include' option #1669

External Tools LTI Variable Substitutions

Added com.instructure.User.sectionnames variable

2020-08-12

Additions

External Tools LTI Variable Substitutions

Added Canvas.assignment.lockdownEnabled variable

2020-07-27

Additions

SIS Import Format Documentation | Enrollments.csv

Added notify parameter

2020-07-15

Removals

Users API | Create a User Endpoint

Deprecated user[birthdate] parameter

Removal date: 2020-10-07

Browser Protocols TLS 1.0 and 1.1

Removed support for TLS 1.0 and 1.1 protocols for web traffic.
Users may be affected if applications are parsing page content or using a script against Canvas APIs.
Background regarding these changes can be found in Deprecating TLS 1.0 & 1.1.

Initial Posting Date: 2020-04-18

2020-07-01

Removals

Users API

Deprecated Create a User Endpoint (for self-registration only)
Deprecated Self Register a User Endpoint
Removal date: 2020-09-23

2020-06-20

Removals

Assignments API | Assignment Object

Removed muted parameter

Initial posting date: 2020-02-26

Enrollments API

Changed bookmarks management to align with opaque pagination links, which helps minimize the pagination impact on the database.
App developers relying on Canvas APIs need to update how their apps manage pagination using “rel” headers, rather than the numerical page number, as noted in Pagination - Canvas LMS REST API Documentation.

Initial posting date: 2020-02-15

2020-06-06

Additions

Calendar Events API | CalendarEvent Object

Returns context_code parameter

Courses API | Update a Course Endpoint

Added syllabus_course_summary parameter

External Tools API

List External Tools Endpoint

Example response includes is_rce_favorite parameter

Get a Single External Tool Endpoint

API Response Field includes is_rce_favorite parameter

Create an External Tool Endpoint

Added is_rce_favorite parameter

External Tools LTI Variable Substitutions

Added com.instructure.User.observees variable

2020-05-23

Additions

CommMessages API | List of CommMessages for a User Endpoint

Added time period clarification for start_time and end_time parameters

SIS Import Format Documentation

Added pronoun parameter

Removals

Developer Keys

Removed paragraph about developer key requests

2020-05-09

Additions

Enrollments API | Grade Object

Returns current_points and unposted_current_points parameters

Enrollments API | List Enrollments Endpoint

Added current_points as a value in the include[] parameter

Logins API | Edit a User Login Endpoint

Added login[authentication_provider_id] parameter
Added example request and example response

SIS Import Format Documentation | Courses.csv

Added published as a value in the status parameter

2020-04-25

Additions

Accounts (LTI) API

Added Endpoint

Enrollments API | Enroll a User Endpoint

Added enrollment[start_at], enrollment[end_at] parameters

User Observees API

Added List Observers, Show an Observer Endpoints

2020-04-18

Additions

Assignments API | List Assignments Endpoint

Added can_edit as a value in the include[] parameter

Assignments API | Get a Single Assignment Endpoint

Added can_edit as a value in the include[] parameter

Assignment Groups API | List Assignment Groups Endpoint

Added can_edit as a value in the include[] parameter

Blueprint Courses API | Begin a Migration to Push to Associated Courses Endpoint

Added publish_after_initial_sync parameter

Removals

Browser Protocols TLS 1.0 and 1.1

This change is enabled in the beta environment to allow for testing until 2020-09-18, at which time the change will be deployed to the production environment.
Removed support for TLS 1.0 and 1.1 protocols for web traffic.
Users may be affected if applications are parsing page content or using a script against Canvas APIs.
Background regarding these changes can be found in Deprecating TLS 1.0 & 1.1.

2020-04-11

Additions

Conferences API

Added List Conferences for the Current User Endpoint

Conferences API | Conference Object

Returns context_type and context_id

2020-04-04

Additions

Accounts API | HelpLinks Object

Custom help links and Default help links return is_featured, is_new, and feature_headline parameters

Assignments API

Added Bulk Update Assignment Dates Endpoint

Assignments API | Edit an Assignment Endpoint

Added clarification about +assignment key in assignment[assignment_overrides] parameter

Course Audit Log Account API

Added Query by Account Endpoint

2020-03-25

Additions

Assignments API | Create an Assignment Endpoint

Added not_graded value in assignment[grading_type] parameter

Media Objects API

Added MediaTrack Object
Added List Media Tracks for a Media Object Endpoint
Added Update Media Tracks Endpoint

Changes

External Tools API | Create an External Tool Endpoint

In resource_selection[enabled] parameter, changed description to clarify that if set to false, not_selectable must also be set to true in order to hide this tool from the selection UI in modules and assignments
In not_selectable parameter, changed description to clarify that if set to true, and if resource_selection is set to false, the tool won’t show up in the external tool selection UI in modules and assignments

Removals

API Change Log and Breaking Changes

The API Change Log and Breaking Changes page have been removed from the API Documentation. These pages are located in Canvas Community Canvas Platform Services.

2020-03-21

Additions

Courses API | Update a Course Endpoint

Added syllabus_course_summary parameter

2020-03-11

Additions

External Tools API | Create an External Tool Endpoint

Added disabled and enabled values to course_navigation[default] parameter

Changes

External Tools API | Create an External Tool Endpoint

Changed boolean to string

2020-02-26

Additions

Assignments API | Assignment Object [REVERTED 2020-02-27]

Added hidden_submissions_count parameter

SIS Import Format Documentation | Logins.csv

Root Account row: Clarified that this field is required when identifying a user in a trusted account.

Changes

Feature Flags API | Feature Object

Changed name property to feature

Removals

Assignments API | Assignment Object

Deprecated muted parameter [Update 2020-02-27: a new parameter will be added in a future deploy]
Removal date: 2020-06-03

2020-02-15

Additions

Developer Keys

In the Canvas interface Administrative Notifications alert, added functionality for admins to receive a notification when tokens are manually created in the account or existing manually created tokens are regenerated in the account

Changes

Enrollments API

This change is enabled in the beta environment to allow for testing until 2020-06-20, at which time the change will be deployed to the production environment.
Changed bookmarks management to align with opaque pagination links, which helps minimize the pagination impact on the database.
App developers relying on Canvas APIs need to update how their apps manage pagination using “rel” headers, rather than the numerical page number, as noted in Pagination - Canvas LMS REST API Documentation.

2020-02-12

Additions

Files API

Added Reset Link Verifier Endpoint

External Tools LTI Variable Substitutions

Added Canvas.course.endAt variable

2020-01-29

Additions

Groups API | List Group’s Users

Added exclude_inactive parameter

Changes

Developer Keys | Canvas API Includes

Changed documentation to note responses to requests made with a scoped access token only support this functionality when the Allow Include Parameters option is also enabled. When this option is disabled, a request is made with a scoped token Canvas will ignore include and includes parameters.
The Allow Include Parameters option can be enabled when creating a new API Developer Key in the Canvas interface. Additional details about this feature can be found in the Canvas Release Notes (2020-02-15).

2020-01-18

Removals

Assignments API | Create an Assignment Endpoint | Assignment[muted] parameter

Deprecated for enforcement of New Gradebook

Initial post date: 2019-07-13

2020-01-15

Additions

Assignment Groups API | List Assignment Groups Endpoint

Added observed_users parameter

Content Shares API

Added API

View 2019 Canvas API Change Log Archive

balm_simon · ‎08-23-2024

I am try to use the New Quizzes API to modify an existing quiz. For example, to remove the restrict student result view I use the following call with cURL: curl https://domain.edu:443/api/quiz/v1/c...

I am try to use the New Quizzes API to modify an existing quiz. For example, to remove the restrict student result view I use the following call with cURL:

curl https://domain.edu:443/api/quiz/v1/courses/51989/quizzes/1765410 -X PATCH -H "Authorization: Bearer xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" -d "quiz[quiz_settings][result_view_settings][result_view_restricted]=false"

If nobody has taken the quiz yet, the call parses correctly and the restrictions are removed. However, the call also results in the quiz being unpublished. If I try on a quiz which has already been answered no changes are made with the error:

{"errors":[{"workflow_state":"Can't unpublish if there are student submissions"}]}

I can't understand why this call is causing the quiz to attempt to unpublish. Is this a bug or am I missing something? Thanks in advance if anyone has any ideas.

Naomi · ‎03-18-2023

...ostman Example with Postman using a Client ID and Client Secret pair for authorization: collection and environment file Notes: The Postman reference solutions are examples and were created t...

After generating a Canvas Data 2 (CD2) ClientID and secret, you can set up Canvas Data 2 via the API Gateway.

This article references the API client, Postman, however, you can use any API client of your choice.

Use Canvas Data 2 API Resources

View Canvas Data 2 Usage Workflow resource document
API specification and schema
Step by step video with Postman
Example with Postman using a Client ID and Client Secret pair for authorization: collection and environment file

Notes:

The Postman reference solutions are examples and were created to demonstrate and make it easier to quick start and try out the API flow. We are not committing to maintain it for this community. You can use any API client of your choice.
If you are using Postman client then it is good to know that if you download the OpenAPI spec, it can be directly imported into Postman (and most probably other API clients have similar features).

Generate Client ID and Secret

Before using Postman, you need to generate a Client ID and Secret for Canvas Data 2.

Import Collection File

In Postman, click the Collections link [1] and then click the Import button [2].

Download and import the Postman Collection file.

Upload Collection File

Click the Upload Files button.

Locate the collection file and click the Open button.

Import Postman Collection File

Click the Import button.

View Collection

View the collection file.

Import Environment File

In Postman, click the Environments link [1] and then click the Import button [2].

Download and import the Postman Environment file.

Upload Files

Click the Upload Files button.

Locate the collection file and click the Open button.

Import Postman Environment File

Click the Import button.

View Environment

View the environment.

In the CLIENT_ID field [1] and CLIENT_SECRET field [2], add the Client ID and Secret generated in Identity Services.

To save the collection, click the Save icon [3].

View Additional Resources

Entity relationship visualiser
PostgSQL schema or MySQL schema: meant to capture the database structure of data queried with DAP API. One can populate this structure by feeding TSV or CSV data with COPY, good for inserting both snapshots and incremental updates.

swynn · ‎06-24-2022

...ode in the query parameter code your application will need to exchange that temporary code for a long-lived Access Token via a POST request. Here’s an example using curl: curl https://api.badgr.io/o/t...

What is a Canvas Badges Connected App?

A Canvas Badges Connected App is any web service that makes use of Open Badges as an issuer or displayer. If you want to bring verifiable achievements into your ecosystem, connect to Canvas Badges’s API to make it easy.

Issuer Apps

Issuer apps react to events in their own domain to award new badges to users.

Displayer Apps

Displayer apps help users show off and get value from the badges they have earned.

Connecting to Canvas Badges

API Access with OAuth2 Authorization Code Grants

Canvas Badges offers OAuth2 Identity Provider/Authorization Server/Resource Server functionality to help your Connected App securely obtain a user-specific API token to use to access that user’s badges. You can add a Connect to Canvas Badges or Login with Canvas Badges button to your service. There are several Canvas Badges servers deployed in different regions around the world, and your app can connect with each desired Canvas Badges region separately. In order to sign OAuth requests to a particular Canvas Badges server, your service needs to establish a shared secret with the administrator of that Canvas Badges server.

You can build apps that connect with Canvas Badges. Contact Canvas Badges to request an application key and secret for signing your OAuth requests. Describe what you’re planning on building and what type of information you need from Canvas Badges users.

Requesting access to the Canvas Badges API

For each availability region of the Canvas Badges service, when you request a developer key, an application record will be created with a key and secret. When you request a key, make sure to describe which region you would like to use (Test sandbox, Australia, Canada, EU/Ireland, Singapore or US). These regional servers also have their own UI and API domain, so be sure to use the correct domain based on which server you are using. We use the US production server as a default in our documentation. The ability to automatically obtain a key and secret for certain types of applications is also available via the Badge Connect (Open Badges 2.1) protocol. These scopes allow your app to access a user's backpack to read their badges or send them new badges.

Permission Scopes

Issuer and displayer apps need some combination of permissions to issuer and backpack (recipient) API endpoints. These are accomplished by requesting a set of permission scopes when you register your application with the Canvas Badges server administrator. These scopes or a subset of them will be available to you when you request authorization on behalf of a user of your app.

Profile Scope (Automatic)

r:profile This allows you to get information about the user that they have defined in Canvas Badges, including their firstname, lastname, and registered email addresses. This scope is automatically available. It gives you the ability to access the GET /v2/user/profile endpoint.

Issuer Scopes

r:issuer This allows you to get information about the issuer profiles where the authenticated user acts as a staff member, editor, or owner. You may view issuer metadata, badges defined by these issuers, and badge awards granted by these issuers.
rw:issuer This allows read/write access to the resources above, to the extent that the authenticated user may perform these actions. "Staff" level users may read all data and award new instances of defined badges; "Editor" level users may also define new BadgeClasses and edit existing ones. "Owner" members may modify the staff list.

Backpack Scopes

r:backpack Allows you to read assertions that the user has received from issuers on this Canvas Badges server or imported into their backpack from external Open Badges issuers.
rw:backpack Allows you to read, create, and update assertions and collections of assertions. For assertions, this means you can trigger import of an Open Badges assertion defined elsewhere, pushing it to the recipient’s backpack.

The OAuth2 Dance (Authorization Code grant workflow)

Once you have emailed us your Scope and Redirect URIs and we have replied with a client_id and client_secret—we can dance. Suppose a Canvas Badges user would like to grant you access to her badges, issuers and profile information. First, create a “Login with Canvas Badges” button on your website that links to the following URI (line breaks added for readability):

https://badgr.com/auth/oauth2/authorize?

client_id=123&redirect_uri=https%3A%2F%2Fexample.com%2Fauth&scope=r%3Aprofile%20rw%3Aissuer%20r%3Abackpack

Set client_id to the Client ID you received from the Canvas Badges team. Set redirect_uri to the Redirect URI for your application (url encode this and all parameters). We use this to redirect the user back to your website with an Authorization Code after they have logged in and granted you access. Set scope to the level of access you are requesting.

After Canvas Badges redirects the user back to your application with the Authorization Code in the query parameter code your application will need to exchange that temporary code for a long-lived Access Token via a POST request. Here’s an example using curl:

curl https://api.badgr.io/o/token -d \

"grant_type=authorization_code\

&code=XYZ\

&client_id=123\

&client_secret=ABC\

&redirect_uri=https://example.com/auth"

Note: You may pass a state parameter, which should be a URL-safe URL-encoded string. For example, you may encode a small snippet of JSON. This parameter will be passed back to you at your Redirect URL

Exchange this authorization_code for an access token.

curl https://api.badgr.io/o/token \

-d "grant_type=authorization_code&code=authorization_code"

And that’s it! You’re done. You’ll receive a document like this:

{

"token_type": "Bearer",

"access_token": "C1HePsbwS3tUmwC6OCKsC41w96xckc",

"expires_in": 86400,

"refresh_token": "xwHPFwH55tQpCy3qCgsIW59k3g3aPh",

"scope": "rw:issuer rw:profile rw:backpack"

}

And that’s it! You can store the access token in your application. You may now use the access_token obtained from this request to authenticate API requests. See Using the Canvas Badges API below.

Here is a diagram showing the initial authorization flow:

The OAuth2 Dance (Authorization Code grant workflow)

Your access token will expire (by default, 24 hours after issue). At that point, you may refresh it using the refresh_token included with the token. Refresh tokens are long-lived and must be stored securely. Access tokens also must be stored securely, but are lower risk due to their shorter duration. You may obtain a new access token using your refresh token by making a new POST to the authorization endpoint.

curl https://api.badgr.io/o/token -X POST -d \ "grant_type=refresh_token&refresh_token=YOURREFRESHTOKEN&client_id=YOURCLIENTID&client_secret=YOURCLIENTSECRET"

You will get back a new token document, including a new access_token and refresh_token. The new access token will be valid for the identified number of seconds.

Note: If you have given us a localhost Redirection URI remember to use our test sandbox environment's endpoints for testing. Use https://test.badgr.com/auth/oauth2/authorize and https://api.test.badgr.com/o/token. For more detailed information on OAuth2 read RFC 6749 https://tools.ietf.org/html/rfc6749. For production environments, HTTPS is required for redirect URIs, and localhost or developer machine tunnel domains are not permitted.

Using the Canvas Badges API

Quickstart View the Canvas Badges API Docs

To authenticate a request using an OAuth token use the Authorization header with a value of Bearer, a space character, then the token you have obtained. E.g. Authorization: Bearer cZTp1ZMMSasZ4mbP2u2Pjt4NH3AVIf

Requests to the /v2/ API are all returned by default in JSON with a default response envelope. If successful, the result key will have a [] list of result objects, and single results will appear as a single entry within this JSON array. Try out the OAuth flow and making requests by creating a free account and clicking the Authorize button on the API Docs.

ScottMo · ‎08-31-2024

Does anyone have an example of how to add a user to a course via the API? I can see how to do it via browser but im trying to automate enrollment into a class.

Nva2023 · ‎09-10-2024

...re coming through empty, likely due to an incorrect JSON format in the body. Unfortunately, the Canvas documentation doesn't provide an example for creating matching questions. If you could share an example...

Hi James! @James

I'm currently struggling with creating matching questions via API from a text file. While I'm able to create the matching question itself, the matching values are coming through empty, likely due to an incorrect JSON format in the body. Unfortunately, the Canvas documentation doesn't provide an example for creating matching questions.

If you could share an example, it would be greatly appreciated!

You're signed out

Search

Search the Community

2023-12-16

2023-11-22

2024-11-20

2023-11-13

2023-11-02

2023-10-21

2023-10-15

2023-10-11

2023-09-27

2023-09-16

2023-08-30

2023-08-23

2023-08-16

2023-08-07

2023-08-02

2023-07-19

2023-07-17

2023-07-05

2023-06-21

2023-06-17

2023-06-07

2023-05-24

2023-05-10

2023-04-26

2023-04-15

2023-04-12

2023-02-15

2023-01-04

Open User Settings

View Access Tokens

Add Access Token

Add Token Details

View Access Token

View Token Details

Delete Access Token

Confirm Deletion

Quickstart: Issuing Open Badges with the Canvas Badges API

Regional Environments

Authentication

Obtaining a Token

Authenticating requests with an OAuth2 Bearer token

Response Envelope

Issuer API

Create Issuer Profile

Define BadgeClass

Issue Assertion

Helpful Links

2020-12-16

2020-12-02

Additions

2020-11-18

Additions

2020-11-04

Additions

2020-10-21

Additions

2020-10-07

Additions

2020-09-23

Additions

Removals

2020-09-09

Additions

2020-08-12

Additions

2020-07-27

Additions

2020-07-15

Removals

2020-07-01

Removals

2020-06-20

Removals

2020-06-06

Additions

2020-05-23

Additions