Credentials overview

To set up the integration, partners need credentials.

There are two variations of these credentials:

• Production
• Test

You must use the production credentials for integrations running in a live environment. A live environment is where users can purchase prints of their designs. You can use the test credentials while developing an integration to avoid being charged for test purchases.

Partners need the following credentials:

A unique ID that identifies you as a print partner.

A public API key for initializing the Partnership SDK.

A secret API key for generating an autoAuthToken.

A secret API key for purchasing the print-quality version of a user's artwork.

For security reasons, Canva sends credentials to partners via encrypted files. Canva creates the encrypted files using a public key that partners provide. Partners then decrypt the files using their private key.

To request credentials from Canva, see Request credentials.

By default, the API keys are locked to the following domains:

• canva.com
• localhost

If requests don't originate from these domains, Canva responds to requests with a 403 error.

To use the API keys from domains where you intend to deploy and test the integration, add the domains to Canva's allowlist.

For security reasons, Canva recommends rotating the credentials periodically.

Specifically, these:

• Partner API key.
• Partner API secret.
• Artwork API secret.

The Partner ID doesn't change.

To rotate the credentials:

1. Request new credentials from Canva. To raise a request, see Request credentials.
2. Update the integration to use the new credentials.