Canvas LMS · Authentication Profile

Canvas Lms Authentication

Authentication

Canvas LMS secures its APIs with http and oauth2 across 2 declared security schemes, as derived from its OpenAPI definitions. OAuth 2.0 is offered via the authorizationCode flow(s).

Learning ManagementEducationEdTechLMSLTIHigher EducationK-12Open SourceAGPLCanvas
Methods: http, oauth2 Schemes: 2 OAuth flows: authorizationCode API key in:

Security Schemes

OAuth2 oauth2
· flows: authorizationCode
BearerAuth http
scheme: bearer

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/canvas-lms-rest-api-openapi.yml
summary:
  types:
  - http
  - oauth2
  oauth2_flows:
  - authorizationCode
schemes:
- name: OAuth2
  type: oauth2
  flows:
  - flow: authorizationCode
    authorizationUrl: https://canvas.instructure.com/login/oauth2/auth
    tokenUrl: https://canvas.instructure.com/login/oauth2/token
    scopes: 3
  description: Canvas OAuth2 (RFC 6749) authorization code grant. Register a Developer Key in
    the target Canvas account to obtain a client_id and client_secret.
  sources:
  - openapi/canvas-lms-rest-api-openapi.yml
- name: BearerAuth
  type: http
  scheme: bearer
  description: A Canvas access token. For testing only — production apps MUST use the OAuth2
    flow per the Canvas API Policy.
  sources:
  - openapi/canvas-lms-rest-api-openapi.yml