Skip to content

Latest commit

 

History

History
50 lines (33 loc) · 2.08 KB

File metadata and controls

50 lines (33 loc) · 2.08 KB

Canvas setup

You need two things from Canvas:

  1. An API token — a long personal secret that authorises the scripts.
  2. Your institution's Canvas base URL — e.g. https://maastrichtuniversity.instructure.com (no trailing slash).

Generating an API token

  1. Log in to your Canvas account in a browser.
  2. Click your profile picture (top-left) → Settings.
  3. Scroll to Approved Integrations.
  4. Click + New Access Token.
  5. Give it a descriptive purpose (e.g. masterblasterbrain) and leave the expiry empty for a non-expiring token (or set one if you prefer).
  6. Click Generate Token. Copy it immediately — Canvas will never show it again.

Storing the token

Put the token in a .env file in the repo root (this file is gitignored, never committed):

cp .env.example .env
# Open .env in an editor and fill in:
# CANVAS_API_TOKEN="15183~YOURLONGSECRETHERE"
# CANVAS_BASE_URL="https://maastrichtuniversity.instructure.com"
# VAULT_ROOT="/Users/you/Documents/Obsidian Vault/Master's"

Or — more portable — save them in ~/.canvas_env (with chmod 600 ~/.canvas_env for safety) and source it before running the scripts. That file lives outside the repo and isn't tied to a particular checkout.

Verifying the token

source .env
python3 scripts/canvas_explore.py

You should see a list of your active courses with their assignments. If you get 401 Unauthorized, the token is wrong or the base URL is pointing at a different institution. If you get 403 Forbidden, the token might be expired — generate a new one.

Revoking a token

If you ever leak a token (pushed it by accident, pasted in a screenshot), revoke it immediately:

Profile → Settings → Approved Integrations → find the token → Delete

Then generate a fresh one. Tokens are independent, so revoking one doesn't affect your other sessions.

Rate limiting

Canvas uses cost-based throttling. Normal use (one sync per day) won't hit the limit. If you're looping aggressively, watch the X-Rate-Limit-Remaining response header — back off when it drops below ~100.