Anonymous editing

Some partners don't require users to login before creating designs via their website. In these cases, a partner can calculate an autoAuthToken with a random string instead of a user's ID:

const jwt = require("jwt-simple");

const now = Math.floor(new Date().getTime() / 1000);

const payload = {
  iss: process.env.PARTNER_API_KEY,
  sub: "<random_string>",
  iat: now,
  exp: now + 60 * 30,
};

const autoAuthToken = jwt.encode(payload, process.env.PARTNER_API_SECRET);

console.log(autoAuthToken);

javascript

This still creates an account in Canva's backend, but the account isn't associated with a user in the partner's backend. As a result, the user is effectively anonymous.

Limitations

If your integration uses anonymous editing, users can't view their previously created designs or uploaded media.