How to Get My Canvas Token
Canopy interacts securely with your Canvas data in a way that allows us to access the information without storing it on our servers. In order to ensure that all institutional data is handled securely, we connect to Canvas making use of a secure token. Put simply, the token is like an ID Badge that allows us to prove to Canvas that you want to enable Canopy to access your Canvas data.
Note: This setup is for individual users. It is not required for users on an Institutional License. If your institution licenses Canopy, the Canvas Admin will set up access and you won’t have to do anything.
- Log-in to your Canvas LMS account.
- Click on the Account section on the menu at the top left.
- Click on Settings.
4. On the Settings page, scroll down to the Approved Integrations section.
5. Click on the + New Access Token button. This will open up a prompt to create a token.
5. For purpose, you can write anything such as “Canopy Token”. For Expires you can either leave the date empty (never expires) or set a manual expiration date.
Note: adding an expiry date will increase security. Continuing with our analogy of the token being like an ID Badge, it would be like if your school required you to get a new ID Badge at the office every so often. That way they can make sure no one has managed to clone your existing badge and is using it without your knowledge. Inconvenient, but more secure.
6. Click the Generate Token button. (For security reasons, the resulting token is blurred out in the image.)
The generated token is very powerful. Much like our analogy of an ID Badge, if you just left yours lying around it could lead to security issues. Likewise, leaving this token in a plain text file or written down could allow someone to access all your Canvas data. We recommend either:
A) Generate a new token each time you want to log in to Canopy. (We understand this is a hassle and are working to improve this experience.)
B) Store the token securely. For example, storing it in a password manager such as 1Password. We recommend this method that requires a password to access your stored vault rather than just letting your browser store the token in a way that will auto-fill it.
As the pop-up that appears when you create the token states, once you close the window there is no way to see the full token again. But fret not, all you need is a fresh token to access Canopy. So if you forget the token, or choose to access it using option A, you can easily re-generate a token. It only takes a few seconds.