Skip navigation

Skip to main content

The Canva Button is only available for users in China. If your users aren't in China, you can't use the Canva Button. There are no plans to make the Canva Button available outside of China.
Platform concepts
Platform concepts

Domain restrictions

By default, Canva Button API keys are locked to the following domains:

  • canva.com
  • localhost

If you try to use your API keys from other domains, Canva blocks the request and responds with a Forbidden (403) error.

Because of domain restrictions, it's not possible to add the Canva Button to an HTML file on your local machine and open that file in a web browser. You need to serve the HTML file via localhost. To learn more, refer to Local development.

Adding domains to the allowlist

To add a domain to Canva's allowlist:

  1. Log in to the Developer Portal(opens in a new tab or window).
  2. Under the Your Canva Button integrations heading, find the relevant integration and select View.
  3. Select Add a referrer domain.
  4. Enter a domain in the text field, such as example.com.

Changes to the form save automatically.

Using wildcard symbols

You can use the wildcard symbol (an asterisk) when adding domains in the allowlist. This makes it possible for Canva to accept requests from variations of a domain name.

The following table demonstrates some ways to use the wildcard symbol:

Domain
Matches
example.com
The exact domain name.
*.example.com
The domain name and subdomains.
*.example.com*
The domain name, subdomains, and subdirectories.