Creating integrations

To get started integrating into Canva, you must create and configure an integration on the Canva Developer Portal⁠(opens in a new tab or window).

Your Canva account must have Multi-factor Authentication (MFA)⁠(opens in a new tab or window) enabled before you can create an integration.

1. Log in to the Developer Portal⁠(opens in a new tab or window).
2. Navigate to the Your integrations⁠(opens in a new tab or window) page.
3. Click Create an integration.
4. Select the type of integration you want to create:
   • Public: Public integrations are available to all Canva users, but the integration must first be reviewed by Canva and meet the integration requirements.
   • Private: Private integrations can only be used by your team on a Canva Enterprise⁠(opens in a new tab or window) plan.
5. Select the checkbox to agree to the Canva Developer Terms⁠(opens in a new tab or window).
6. Click Create integration.

1. On the Configure your integration page, set a name for your integration.

   This name is how users identify your integration, for example when going through the authorization process.

2. Under Credentials, copy and save the value for your Client ID.

3. Click the Generate secret button, and save the generated Client secret value in a secure location.

   Make sure you save the client secret, as you won't be able to view it again.

Scopes define the access permissions that your integration needs for a user's account.

1. In the left menu, navigate to Scopes.

2. Under Reading and writing, select the scopes that your integration needs when acting on a user's behalf. For a description of each scope, see Scopes. To receive webhook notifications from Canva, see the required scopes in the webhooks documentation.

   Only select the scopes that are required for your integration.

   For public integrations, you will be asked to justify the selected scopes during the integration submission and review process.

3. If you want your integration to receive webhook notifications from Canva, under Notifications enable Enable collaboration:event.

   1. In the Webhook URL field, enter the URL that will receive the webhook notifications.

The Canva Connect APIs use the OAuth 2.0 Authorization Code flow with Proof Key for Code Exchange (PKCE) for user authorization. As part of the authorization process, you must provide at least one redirect URL to redirect the user to after they authorize your integration in Canva. For more information, see Authentication.

1. In the left menu, navigate to Authentication.

2. Under Authorized redirects, add at least one redirect URL. If required, you can add up to 10 redirect URLs.

   You must only add URLs that you or your organization controls.

   For local development, you can add http://127.0.0.1:<port> as a redirect URL (localhost isn't allowed). However for public integrations, you won't be able to submit your integration for review until you remove the local URL.

   This page includes the Authorization URL generator, which lets you generate an authorization URL that is pre-filled with most of your integration's details.

Learn fundamentals for the Connect APIs, including:

• Handling authorization and authentication.
• How API versions work.
• Security recommendations.
• Key Canva-specific concepts.