Canva SCIM API

Overview Authentication Users, Groups, and Teams

SCIM User API reference

Create a user Get a user List users Update all information for a user Update individual attributes for a user Delete a user

SCIM Group API reference

Create a group Get a group List groups Update all information for a group Update individual attributes for a group Delete a group

List users

Gets a paginated list of all users in a Canva team, including inactive users.

You can use the startIndex and count parameters to control the pagination of the response.

You can also provide a filter parameter to narrow down the users returned to only include those matching the filter.

HTTP method and URL path

GET https://www.canva.com/_scim/v2/Users

Header parameters

Authorizationstring

REQUIRED

Provides credentials to authenticate the request, in the form of a Bearer token.

For example: Authorization: Bearer {token}

Query parameters

startIndexinteger

OPTIONAL

Used to paginate the response: the index of the first result to return.

countinteger

OPTIONAL

Used to paginate the response: the number of results to return. Must be between 1 and 10.

filterstring

OPTIONAL

A filter to narrow down the results returned, using the equals (eq) query parameter. The following filters are supported:

Return the user matching the SCIM userName value: userName eq "{saml_name_id}".

For example: GET /_scim/v2/Users?filter=userName%20eq%20"aliddell"
Return the user matching the SCIM externalId value: externalId eq "{idp_provided_external_id}".

For example: GET /_scim/v2/Users?filter=externalId%20eq%20"abcdefgh12345678"

Example request

Examples for using the /_scim/v2/Users endpoint:

curl --request GET 'https://www.canva.com/_scim/v2/Users' \
--header 'Authorization: Bearer {token}'

const fetch = require("node-fetch");

fetch("https://www.canva.com/_scim/v2/Users", {
  method: "GET",
  headers: {
    "Authorization": "Bearer {token}",
  },
})
  .then(async (response) => {
    const data = await response.json();
    console.log(data);
  })
  .catch(err => console.error(err));

import java.io.IOException;
import java.net.URI;
import java.net.http.*;

public class ApiExample {
    public static void main(String[] args) throws IOException, InterruptedException {
        HttpRequest request = HttpRequest.newBuilder()
            .uri(URI.create("https://www.canva.com/_scim/v2/Users"))
            .header("Authorization", "Bearer {token}")
            .method("GET", HttpRequest.BodyPublishers.noBody())
            .build();

        HttpResponse<String> response = HttpClient.newHttpClient().send(
            request,
            HttpResponse.BodyHandlers.ofString()
        );
        System.out.println(response.body());
    }
}

JAVA

import requests

headers = {
    "Authorization": "Bearer {token}"
}

response = requests.get("https://www.canva.com/_scim/v2/Users",
    headers=headers
)
print(response.json())

using System.Net.Http;

var client = new HttpClient();
var request = new HttpRequestMessage
{
  Method = HttpMethod.Get,
  RequestUri = new Uri("https://www.canva.com/_scim/v2/Users"),
  Headers =
  {
    { "Authorization", "Bearer {token}" },
  },
};

using (var response = await client.SendAsync(request))
{
  response.EnsureSuccessStatusCode();
  var body = await response.Content.ReadAsStringAsync();
  Console.WriteLine(body);
};

CSHARP

package main

import (
	"fmt"
	"io"
	"net/http"
)

func main() {
	url := "https://www.canva.com/_scim/v2/Users"
	req, _ := http.NewRequest("GET", url, nil)
	req.Header.Add("Authorization", "Bearer {token}")

	res, _ := http.DefaultClient.Do(req)
	defer res.Body.Close()
	body, _ := io.ReadAll(res.Body)
	fmt.Println(string(body))
}

$curl = curl_init();
curl_setopt_array($curl, array(
  CURLOPT_URL => "https://www.canva.com/_scim/v2/Users",
  CURLOPT_CUSTOMREQUEST => "GET",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_HTTPHEADER => array(
    'Authorization: Bearer {token}',
  ),
));

$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);

if (empty($err)) {
  echo $response;
} else {
  echo "Error: " . $err;
}

PHP

require 'net/http'
require 'uri'

url = URI('https://www.canva.com/_scim/v2/Users')
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)
request['Authorization'] = 'Bearer {token}'

response = http.request(request)
puts response.read_body

RUBY

Success response

If successful, the endpoint returns a 200 response with a JSON body with the following parameters:

schemasstring[]

The value for this can only be urn:ietf:params:scim:api:messages:2.0:ListResponse.

totalResultsinteger

The total number of results matching the query.

startIndexinteger

The index of the first result.

itemsPerPageinteger

The number of results returned in the current page.

resourcesScimUserResponse[]

An array of the users returned in the current page of results.

Properties of resources

schemasstring[]

The URIs of the SCIM schemas. The value for this can only be urn:ietf:params:scim:schemas:core:2.0:User.

idstring

The Canva-generated SCIM ID for the user.

metaobject

Meta properties for the user.

Properties of meta

resourceTypestring

The SCIM resource type of the object. The value for this can only be User.

createdstring

The timestamp when the object was created.

userNamestring

A unique identifier for the user.

displayNamestring

The name of the user, suitable for display to end-users.

emailsobject[]

The email address for the user.

The Canva SCIM API only supports one email address for each user.

Properties of emails

primaryboolean

Whether the email is the primary address. Only one email address for a user can be the primary one.

valuestring

The email address.

typestring

The type of email address for the user. The Canva SCIM API only supports work as the type of the email address.

activeboolean

Whether the user account is active. Setting this to false deprovisions the user in Canva.

rolestring

The role of the user. This can be one of the following:

Member
Teacher
Staff
Admin
Template-designer
Aide
Administrator
School administrator
School
Tenant
Faculty

If an invalid value is provided, the role defaults to Member.

Except for Member, all other role values map to the Canva "Brand Designer" role. For more information on Canva roles, see Team roles and permissions⁠(opens in a new tab or window).

externalIdstring

OPTIONAL

A string that is an identifier for the resource as defined by the provisioning client.

namename

OPTIONAL

The components of the user's name.

Properties of name

givenNamestring

OPTIONAL

The first or 'given' name for the user.

familyNamestring

OPTIONAL

The last or 'family' name for the user.

localestring

OPTIONAL

The user's default location, for example en_AU.

Example response

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:ListResponse"
  ],
  "totalResults": 1,
  "startIndex": 1,
  "itemsPerPage": 10,
  "resources": [
    {
      "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User"
      ],
      "id": "UAFdxab1abC",
      "externalId": "abcd1234",
      "meta": {
        "resourceType": "User",
        "created": "2023-09-18T06:08:35Z"
      },
      "userName": "aliddell",
      "displayName": "Alice Liddell",
      "name": {
        "givenName": "Alice",
        "familyName": "Liddell"
      },
      "emails": [
        {
          "primary": true,
          "value": "[email protected]",
          "type": "work"
        }
      ],
      "active": true,
      "locale": "en_US",
      "role": "Member"
    }
  ]
}

JSON

Error responses

400 Bad request

schemasstring[]

The value for this can only be urn:ietf:params:scim:api:messages:2.0:Error.

detailstring

The value for this can only be No SSO configurations found, please check the settings page.

statusstring

The HTTP status code of the error.

Example error response

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:Error"
  ],
  "detail": "No SSO configurations found, please check the settings page",
  "status": "400"
}

JSON

403 Forbidden

schemasstring[]

The value for this can only be urn:ietf:params:scim:api:messages:2.0:Error.

detailstring

The value for this can only be Unsupported filter field.

statusstring

The HTTP status code of the error.

Example error response

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:Error"
  ],
  "detail": "Unsupported filter field",
  "status": "403"
}

JSON