How Canvas API Integration Actually Works

Understanding API Tokens

When you connect StudentHub to Canvas, you're creating what's called an API access token. Think of it as a special key that lets StudentHub read your course data — without ever knowing your Canvas password.

What We Access

StudentHub requests the minimum data needed to show your assignments:

• **Courses** - Your active enrollments
• **Assignments** - Title, due date, points possible, submission status
• **Your profile** - Just your name and email for identification

That's it. We don't access: - Your grades or GPA - Assignment content or submissions - Discussion posts or messages - Any data from other students

How the Sync Works

Here's what happens behind the scenes:

1. You generate an API token in Canvas (we show you exactly how)
2. StudentHub uses that token to fetch your course list
3. For each course, we pull the assignment data
4. Everything syncs to your StudentHub dashboard

The sync runs automatically every few hours, so new assignments appear without you doing anything.

Security Measures

Your API token is encrypted at rest and in transit. We use industry-standard AES-256 encryption. The token is never exposed in browser code or logs.

If you ever want to disconnect, just revoke the token in Canvas. StudentHub immediately loses access.

Why Not OAuth?

Some apps use OAuth for Canvas integration, which is more convenient. But OAuth requires your school to enable it specifically for StudentHub.

API tokens work with any Canvas instance — whether you're at a large university or a small community college. It's more manual to set up, but it's universally compatible.

Questions?

We're happy to explain anything in more detail. Reach out through the contact form or check out the FAQ on the pricing page.