Skip navigation
Skip to main content
General information
General information

Request credentials

To set up a Print Partnership integration, partners need credentials from Canva.

For security reasons, Canva sends these credentials via encrypted files. Canva creates the encrypted files using a public key that partners provide. Partners then decrypt the files using their private key.

This guide explains how to request credentials from Canva.

Prerequisites

Partners need:

  • A tool to generate a public key and a private key. We recommend ssh-keygen, as it's installed on most major operating systems by default. To learn more, visit openssh.com.
  • A tool to decrypt Canva's encrypted files that contain the credentials. We recommend openssl. To learn more, visit openssl.com.

Step 1: Generate a key pair

Partners must generate:

  • A public key, which Canva can use to create encrypted files with the credentials.
  • A private key, which partners can use to decrypt Canva's encrypted files.

To generate the keys:

  1. Run the following command.

    ssh-keygen -t rsa -C "<email address>" -m pem
    bash

    Replace <email_address> with your email address.

  2. When prompted for a file name and passphrase, accept the default values.

By default, ssh-keygen creates the following files:

  • ~/.ssh/id_rsa, which contains the private key.
  • ~/.ssh/id_rsa.pub, which contains the public key.

Step 2: Provide the public key to Canva

Canva uses the public key to create two encrypted files with the credentials encoded. One file is for the production environment, the other is for the test environment.

To provide the public key to Canva:

  1. Navigate to the Canva Helpdesk.
  2. Select API Keys Request.
  3. Copy the public key into the Public RSA Key field.
  4. In the Domains field, provide a list of domains where you intend to deploy and test the integration. Canva will add them to the allowlist.

Step 3: Download Canva's encrypted files

After receiving your public key, Canva:

  • Generates the encrypted files containing the integration's credentials.
  • Attaches the files to the support ticket.

You'll receive an email notification when the files are available to download.

Download the encrypted files.

Step 4: Decrypt Canva's encrypted files

To decrypt the files:

  1. Run the following command:

    openssl rsautl -decrypt -inkey <private_key_file_path> -in <encrypted_file_path> -out <output_file_path>
    bash

    Replace the placeholders with these values:

    • <private_key_file_path> - The file path of the private key.
    • <encrypted_file_path> - The file path of an encrypted file received from Canva.
    • <output_file_path> - The file path to output the decrypted credentials.

    For example:

    openssl rsautl -decrypt -inkey ~/.ssh/id_ed25519 -in ~/credentials/canva-partner-prod -out ~/credentials/canva-api-keys
    bash

  2. Update the integration to use the credentials.