We have relocated to Instructure Developer Documentation Portal. ๐ Please update your bookmarks. This page will automatically redirect after July 1, 2026.
JWTs API
Short term tokens useful for talking to other services in the Canvas Ecosystem. Note: JWTs have no value or use directly against the Canvas API, and expire after one hour
A JWT object looks like:
{
// The signed, encrypted, base64 encoded JWT
"token": "ZXlKaGJHY2lPaUprYVhJaUxDSmxibU1pT2lKQk1qVTJSME5OSW4wLi5QbnAzS1QzLUJkZ3lQZHgtLm5JT0pOV01iZmdtQ0g3WWtybjhLeHlMbW13cl9yZExXTXF3Y0IwbXkzZDd3V1NDd0JYQkV0UTRtTVNJSVRrX0FJcG0zSU1DeThMcW5NdzA0ckdHVTkweDB3MmNJbjdHeWxOUXdveU5ZZ3UwOEN4TkZteUpCeW5FVktrdU05QlRyZXZ3Y1ZTN2hvaC1WZHRqM19PR3duRm5yUVgwSFhFVFc4R28tUGxoQVUtUnhKT0pNakx1OUxYd2NDUzZsaW9ZMno5NVU3T0hLSGNpaDBmSGVjN2FzekVJT3g4NExUeHlReGxYU3BtbFZ5LVNuYWdfbVJUeU5yNHNsMmlDWFcwSzZCNDhpWHJ1clJVVm1LUkVlVTl4ZVVJcTJPaWNpSHpfemJ0X3FrMjhkdzRyajZXRnBHSlZPNWcwTlUzVHlSWk5qdHg1S2NrTjVSQjZ1X2FzWTBScjhTY2VhNFk3Y2JFX01wcm54cFZTNDFIekVVSVRNdzVMTk1GLVpQZy52LVVDTkVJYk8zQ09EVEhPRnFXLUFR"
}Create JWT JwtsController#create
POST /api/v1/jwts
url:POST|/api/v1/jwts
Create a unique JWT for use with other Canvas services
Generates a different JWT each time itโs called. Each JWT expires after a short window (1 hour)
Request Parameters:
| Parameter | Type | Description | |
|---|---|---|---|
| workflows[] | string |
Adds additional data to the JWT to be used by the consuming service workflow |
|
| context_type | string |
The type of the context to generate the JWT for, in case the workflow requires it. Case insensitive.
Allowed values: |
|
| context_id | integer |
The id of the context to generate the JWT for, in case the workflow requires it. |
|
| context_uuid | string |
The uuid of the context to generate the JWT for, in case the workflow requires it. Note that context_id and context_uuid are mutually exclusive. If both are provided, an error will be returned. |
|
| canvas_audience | boolean |
Defaults to true. If false, the JWT will be signed, but not encrypted, for use in downstream services. The default encrypted behaviour can be used to talk to Canvas itself. |
Example Request:
curl 'https://<canvas>/api/v1/jwts' \
-X POST \
-H "Accept: application/json" \
-H 'Authorization: Bearer <token>'Refresh JWT JwtsController#refresh
POST /api/v1/jwts/refresh
url:POST|/api/v1/jwts/refresh
Refresh a JWT for use with other canvas services
Generates a different JWT each time itโs called, each one expires after a short window (1 hour).
Request Parameters:
| Parameter | Type | Description | |
|---|---|---|---|
| jwt | Required | string |
An existing JWT token to be refreshed. The new token will have the same context and workflows as the existing token. |
Example Request:
curl 'https://<canvas>/api/v1/jwts/refresh' \
-X POST \
-H "Accept: application/json" \
-H 'Authorization: Bearer <token>'
-d 'jwt=<jwt>'