Topics Map > Canvas > Automation

Canvas Automation - How do I create, destroy and manage a bearer token for use with Postman?

This article describes how to manage bearer tokens, which are development tokens used by Postman to access Canvas API requests.

What is a bearer token?

A bearer token is a key to Canvas. Using the key unlocks Canvas with all the power you have access to. If you can view grades in Canvas, delete courses, add modules, and create quizzes in Canvas, so can anyone or anything with the beaerer token.

Typically, people who develop software applications that connect with Canvas use bearer tokens to test their applications before implementing stronger security with less risk.

Bearer tokens are powerful pieces of data that must be protected and stored safely.

Requirements for using and storing a bearer token

Before CETL will provide access to Postman collections, written agreement is required stating adherance to these requirements.

How to create, delete and re-create a bearer token

Instructure provides comprehensive documentaton on managing bearer tokens. Refer to "How do I manage API access tokens as a student?" on the Canvas LMS website.

  • Rever to "Open User Settings" to access the necessary page to create a bearer token.
  • Refer to "Add Access Token" to create a bearer token. Set your token to expire the Saturday after you create the token.
  • To re-create your token, first refer to "Delete Access Token" to remove the previosu token. Then, add a new token.

Adding a token to Postman

Are you using a UWM Canvas Postman collection?

Bearer tokens are stored in the environment profile.

  1. Click the Eye icon in the upper right corner of the Postman window.
  2. Click the Edit link.
  3. A pop-up window appears. Look for the "token" line'. In the "Initial Value" column, paste the bearer token.
  4. At the top of the window, Click the "Reset All" link.
  5. Click the Update button.
  6. Click the close (X) Icon in the upper right corner of the window to close the "Manage Environment" window.

Are you using your own collection?

Bearer tokens can be used in individual API calls, in collection folders, and in environments. A best practice is to store the bearer token in an environment rather than the API call. Refer to this follwoing Postman Learning Center articles for more information.

  • Postman Learning Center - Authorization - Refer to "Inherit auth from parent" to learn how to set all API calls to use the same security as the collection folder.
  • Postman Learning Center - Variables - Refer to "Defining collection variables" and "Accessing variables in the request builder" to define a collection variable for the bearer token, and set it to an environment variable.




Keywords:canvas automation create destroy manage bearer authentication auth token key crypt postman environment API   Doc ID:95044
Owner:David D.Group:UW-Milwaukee Center for Excellence in Teaching and Learning
Created:2019-10-16 22:05 CDTUpdated:2019-10-16 22:05 CDT
Sites:UW-Milwaukee Center for Excellence in Teaching and Learning
Feedback:  0   0