API Tokens

What is an API Token?

An API token, also known as an access token, is a unique string used to authenticate and authorize a user or application to access a restricted resource or API (Application Programming Interface). It acts like a digital key, allowing secure interaction with the API without exposing sensitive credentials such as usernames or passwords. API tokens are commonly used in web development to enable secure communication between applications, services, and systems.

Risks of Sharing Tokens

While API tokens are convenient and powerful, sharing them with unapproved applications can pose serious security risks. In the context of Canvas, sharing your API token means granting that application access to your account and data. If the application is malicious or compromised, it could misuse your token to steal sensitive information, send messages on your behalf, alter your account settings, or interfere with Canvas functionality.

Faculty and staff who require a token can request one using the form below. Students who need a token for teaching assistant duties must have a faculty sponsor who understands the associated risks and agrees to take responsibility for its use. Please note that active API tokens may be revoked due to changes in roles, security requirements, or policy reasons.