POST /configuration/delete
If an app supports authentication, Canva sends a POST request to the following endpoint when a user disconnects the app from Canva:
<authentication_base_url>/configuration/delete
The purpose of this request is to de-authenticate the user, allowing them to either re-authenticate with different credentials or to simply remove the connection between Canva and the app's backend.
When sending this request, Canva replaces <authentication_base_url> with the app's Authentication base URL. You can configure this URL via the app's Authentication page.
For guidelines on creating a delightful authentication flow, see Optimizing the authentication flow.
Request
Endpoint
POST <authentication_base_url>/configuration/delete
Headers
Property | Type | Required | Description |
|---|---|---|---|
X-Canva-Signatures | string | Yes | A comma-separated list of request signatures. The name of this header is sometimes lowercase (e.g. x-canva-signatures). |
X-Canva-Timestamp | string | Yes | The UNIX timestamp (in seconds) of when Canva sent the request. The name of this header is sometimes lowercase (e.g. x-canva-timestamp). |
Body
Properties
Property | Type | Required | Description |
|---|---|---|---|
user | string | Yes | The ID of the user. |
brand | string | Yes | The ID of the user's team. |
Example
{"user": "<user>","brand": "<brand>"}
Responses
200 - Success
Properties
Property | Type | Required | Description |
|---|---|---|---|
type | "SUCCESS" | Yes | The type of response. |
Example
{"type": "SUCCESS"}
200 - Error
Properties
Property | Type | Required | Description |
|---|---|---|---|
type | "ERROR" | Yes | The type of response. |
errorCode | string | Yes | An error code that describes what went wrong. Enum: "CONFIGURATION_REQUIRED", "FORBIDDEN", "INTERNAL_ERROR", "INVALID_REQUEST", "NOT_FOUND", "TIMEOUT" |
Example
{"type": "ERROR","errorCode": "<error_code>"}
401 - Invalid request signature or timestamp
An extension must verify the request signature and timestamp of all incoming requests. When an extension can't verify either of these values, it must reject the request with a 401 status code.