JWTs API

Short term tokens useful for talking to other services in the Canvas Ecosystem. Note: JWTs have no value or use directly against the Canvas API, and expire after one hour

A JWT object looks like:

{
  // The signed, encrypted, base64 encoded JWT
  "token": "ZXlKaGJHY2lPaUprYVhJaUxDSmxibU1pT2lKQk1qVTJSME5OSW4wLi5QbnAzS1QzLUJkZ3lQZHgtLm5JT0pOV01iZmdtQ0g3WWtybjhLeHlMbW13cl9yZExXTXF3Y0IwbXkzZDd3V1NDd0JYQkV0UTRtTVNJSVRrX0FJcG0zSU1DeThMcW5NdzA0ckdHVTkweDB3MmNJbjdHeWxOUXdveU5ZZ3UwOEN4TkZteUpCeW5FVktrdU05QlRyZXZ3Y1ZTN2hvaC1WZHRqM19PR3duRm5yUVgwSFhFVFc4R28tUGxoQVUtUnhKT0pNakx1OUxYd2NDUzZsaW9ZMno5NVU3T0hLSGNpaDBmSGVjN2FzekVJT3g4NExUeHlReGxYU3BtbFZ5LVNuYWdfbVJUeU5yNHNsMmlDWFcwSzZCNDhpWHJ1clJVVm1LUkVlVTl4ZVVJcTJPaWNpSHpfemJ0X3FrMjhkdzRyajZXRnBHSlZPNWcwTlUzVHlSWk5qdHg1S2NrTjVSQjZ1X2FzWTBScjhTY2VhNFk3Y2JFX01wcm54cFZTNDFIekVVSVRNdzVMTk1GLVpQZy52LVVDTkVJYk8zQ09EVEhPRnFXLUFR"
}

Create JWT JwtsController#create

POST /api/v1/jwts

Scope: url:POST|/api/v1/jwts

Create a unique jwt for using with other Canvas services

Generates a different JWT each time it’s called, each one expires after a short window (1 hour)

Request Parameters:

Parameter Type Description
workflows[] string

Adds additional data to the JWT to be used by the consuming service workflow

context_type string

The type of the context in case a specified workflow uses it to consuming the service. Case insensitive.

Allowed values: Course, User, Account

context_id integer

The id of the context in case a specified workflow uses it to consuming the service.

context_uuid string

The uuid of the context in case a specified workflow uses it to consuming the service.

canvas_audience boolean

Defaults to true. If false, the JWT will be signed, but not encrypted, for use in downstream services. The default encrypted behaviour can be used to talk to canvas itself.

Example Request:

curl 'https://<canvas>/api/v1/jwts' \
      -X POST \
      -H "Accept: application/json" \
      -H 'Authorization: Bearer <token>'
Returns a JWT object

Refresh JWT JwtsController#refresh

POST /api/v1/jwts/refresh

Scope: url:POST|/api/v1/jwts/refresh

Refresh a JWT for use with other canvas services

Generates a different JWT each time it’s called, each one expires after a short window (1 hour).

Request Parameters:

Parameter Type Description
jwt Required string

An existing JWT token to be refreshed. The new token will have the same context and workflows as the existing token.

Example Request:

curl 'https://<canvas>/api/v1/jwts/refresh' \
      -X POST \
      -H "Accept: application/json" \
      -H 'Authorization: Bearer <token>'
      -d 'jwt=<jwt>'
Returns a JWT object