# A Guide to Canvas API Authentication with Header Auth

Connecting to the Canvas API is essential for automating tasks and integrating with services like n8n. Every request you make must be authenticated to prove you have permission to access or modify data. This guide explains the most common authentication method: using a **Bearer Token** in an **Authorization Header**.

## What is a Bearer Token?

A Bearer Token is a long, unique string of characters that acts as your personal API key. When you send this token with your API request, the Canvas server recognizes it and "knows" who you are and what you have permission to do. Anyone who has your token can act on your behalf, which is why it's crucial to **keep it secret**.

## Step 1: Generate Your Canvas Access Token

Before you can authenticate, you need to generate a token from your Canvas account.

1. Log in to Canvas (e.g., `swccd.instructure.com`).
2. In the left-hand navigation bar, click **Account**, then **Settings**.
3. Scroll down to the **Approved Integrations** section and click **+ New Access Token**.
4. Give the token a **Purpose** (e.g., "n8n Workflow") and an **Expires** date (optional, but recommended for security).
5. Click **Generate Token**.
6. **Important:** Canvas will show you the token only once. Copy it immediately and save it somewhere secure.

## Step 2: Understanding the Authorization Header

When you make an API request, you send extra information called "headers." For Canvas, the most important header is `Authorization`. It tells the server _how_ you are authenticating.

The format must be precise:

- **Header Name:** `Authorization`
- **Header Value:** `Bearer <YOUR_TOKEN_HERE>`

**Example:** `Authorization: Bearer ExAmPlEtOkEn`

## Step 3: Storing Your Token Securely in n8n (Best Practice)

You should never paste your token directly into a workflow. The best practice is to use n8n's encrypted credential store.

1. From the n8n main menu, go to **Credentials**.
2. Click **Add credential**.
3. Since Canvas is not a pre-built option, search for and select **Header Auth**. This is the correct generic type for this kind of authentication.
4. Fill out the form with the following details:
    - **Credential Name:** Give it a memorable name, like `Canvas API Token`.
    - **Name:** This is the header name. It **must** be `Authorization`.
    - **Value:** This is where you put the token, prefixed with `Bearer`. It **must** be in the format `Bearer <YOUR_TOKEN>`.
5. Click **Save**.

## Step 4: Using Your Credential in an n8n HTTP Request Node

Now you will connect the credential you just made to the HTTP Request node. This tells the node how to sign in to the Canvas API.

1. Add an **HTTP Request** node to your workflow.
2. Look for the **Authentication** dropdown. By default, it might say `Predefined Credential Type`. **Click on it.**
3. From the list that appears, select **Generic Credential Type**. We use "Generic" because Header Auth is a general method, not specific to a predefined service like Gmail or Slack.
4. A new dropdown labeled **Credential** will appear.
5. Click the **Credential** dropdown and select the credential you created in Step 3 (e.g., `Canvas API Token`).

That's it! Once you've selected your named credential, the node is fully configured to authenticate your requests. It will now automatically add the correct `Authorization` header to every request it makes, keeping your token safe and your workflow clean.

### Security Reminder

**Treat your API access token like a password.** If it is ever accidentally exposed (for example, in a screenshot or a shared file), you should immediately go back to your Canvas settings, revoke the old token, and generate a new one.
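
One way to check a workflow file before sharing it, as an added example (not part of the original guide and not n8n's own tooling): the script walks any exported workflow JSON and reports string values that contain a literal `Bearer <token>` instead of relying on the credential store. The function names, the sample workflow's JSON shape, the `canvas.example.edu` host, and the sample token are all constructed for illustration.

```python
import json
import re

# Literal bearer value: "Bearer " followed by a token-like run of characters.
# Placeholders and expressions such as "Bearer <YOUR_TOKEN>" or
# "Bearer {{ $env.X }}" do not match, since "<" and "{" are excluded.
BEARER_LITERAL = re.compile(r"\bBearer\s+([A-Za-z0-9._~+/=-]{16,})")


def redact(token, keep=4):
    """Show only the first few characters so findings are safe to log."""
    return token[:keep] + "*" * 8


def find_hardcoded_bearer(node, path="$"):
    """Walk any JSON value and return (json_path, redacted_token) findings."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            findings += find_hardcoded_bearer(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            findings += find_hardcoded_bearer(value, f"{path}[{i}]")
    elif isinstance(node, str):
        for match in BEARER_LITERAL.finditer(node):
            findings.append((path, redact(match.group(1))))
    return findings


# Constructed sample export (shape is an assumption): node 0 references a
# stored credential by name only, node 1 has the token pasted into a header.
SAMPLE_WORKFLOW = json.loads("""
{
  "nodes": [
    {"name": "List courses",
     "parameters": {"url": "https://canvas.example.edu/api/v1/courses"},
     "credentials": {"httpHeaderAuth": {"name": "Canvas API Token"}}},
    {"name": "List users",
     "parameters": {"headerParameters": {"parameters": [
        {"name": "Authorization",
         "value": "Bearer 0000~ConstructedSampleTokenNotReal1234567890"}]}}}
  ]
}
""")

if __name__ == "__main__":
    for json_path, shown in find_hardcoded_bearer(SAMPLE_WORKFLOW):
        print(f"hardcoded bearer token at {json_path}: {shown}")
```

Any finding means the token in that file should be treated as exposed: revoke it in Canvas, generate a new one, and move it into a Header Auth credential.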