Welcome to the Canvas LMS API Documentation
Canvas LMS includes a REST API for accessing and modifying data externally from the main application, in your own programs and scripts. This documentation describes the resources that make up the API.
To get started, you'll want to review the general basics, including the information below and the page on Authentication using OAuth2.
API Changes
For API resources, such as the API Change Log for additions, changes, deprecations, and removals, view the Canvas API page in the Canvas Community.
API Policy
Please carefully review the Canvas API Policy before using the API.
Schema
All API access is over HTTPS, against your normal Canvas domain.
All API responses are in JSON format.
All integer ids in Canvas are 64 bit integers. String ids are also used in Canvas.
To force all ids to strings add the request header Accept: application/json+canvas-string-ids
This will cause Canvas to return even integer IDs as strings, preventing problems with languages (particularly JavaScript) that can't properly process large integers.
All boolean parameters can be passed as true/false, t/f, yes/no, y/n, on/off, or 1/0. When using JSON format, a literal true/false is preferred, rather than as a string.
For POST and PUT requests, parameters are sent using standard HTML form encoding (the application/x-www-form-urlencoded content type).
POST and PUT requests may also optionally be sent in JSON format format. The content-type of the request must be set to application/json in this case. There is currently no way to upload a file as part of a JSON POST, the multipart form type must be used.
As an example, this HTML form request:
name=test+name&file_ids[]=1&file_ids[]=2&sub[name]=foo&sub[message]=bar&flag=y
would translate into this JSON request:
{ "name": "test name", "file_ids": [1,2], "sub": { "name": "foo", "message": "bar" }, "flag": true }
With either encoding, all timestamps are sent and returned in ISO 8601 format (UTC time zone):
YYYY-MM-DDTHH:MM:SSZ
Authentication
API authentication is done with OAuth2. If possible, using the HTTP Authorization header is recommended. Sending the access token in the query string or POST parameters is also supported.
OAuth2 Token sent in header:
curl -H "Authorization: Bearer <ACCESS-TOKEN>" "https://canvas.instructure.com/api/v1/courses"
OAuth2 Token sent in query string:
curl "https://canvas.instructure.com/api/v1/courses?access_token=<ACCESS-TOKEN>"
Read more about OAuth2 and how to get access tokens.
SSL
Note that if you make an API call using HTTP instead of HTTPS, you will be redirected to HTTPS. However, at that point, the credentials have already been sent in clear over the internet. Please make sure that you are using HTTPS.
About this Documentation
This documentation is generated directly from the Canvas LMS code. You can generate this documentation yourself if you've set up a local Canvas environment following the instructions on Github. Run the following command from your Canvas directory:
bundle exec rake doc:api