You need two things from Canvas:
- An API token — a long personal secret that authorises the scripts.
- Your institution's Canvas base URL — e.g.
https://maastrichtuniversity.instructure.com(no trailing slash).
- Log in to your Canvas account in a browser.
- Click your profile picture (top-left) → Settings.
- Scroll to Approved Integrations.
- Click + New Access Token.
- Give it a descriptive purpose (e.g.
masterblasterbrain) and leave the expiry empty for a non-expiring token (or set one if you prefer). - Click Generate Token. Copy it immediately — Canvas will never show it again.
Put the token in a .env file in the repo root (this file is gitignored, never committed):
cp .env.example .env
# Open .env in an editor and fill in:
# CANVAS_API_TOKEN="15183~YOURLONGSECRETHERE"
# CANVAS_BASE_URL="https://maastrichtuniversity.instructure.com"
# VAULT_ROOT="/Users/you/Documents/Obsidian Vault/Master's"Or — more portable — save them in ~/.canvas_env (with chmod 600 ~/.canvas_env for safety) and source it before running the scripts. That file lives outside the repo and isn't tied to a particular checkout.
source .env
python3 scripts/canvas_explore.pyYou should see a list of your active courses with their assignments. If you get 401 Unauthorized, the token is wrong or the base URL is pointing at a different institution. If you get 403 Forbidden, the token might be expired — generate a new one.
If you ever leak a token (pushed it by accident, pasted in a screenshot), revoke it immediately:
Profile → Settings → Approved Integrations → find the token → Delete
Then generate a fresh one. Tokens are independent, so revoking one doesn't affect your other sessions.
Canvas uses cost-based throttling. Normal use (one sync per day) won't hit the limit. If you're looping aggressively, watch the X-Rate-Limit-Remaining response header — back off when it drops below ~100.