Skip to main content

Handling credentials and sensitive information

Setting up and maintaining integrations can often entail handling of sensitive information.

Whether you are handling API credentials (usernames, passwords, API keys) or personal information in a support case, it is important to use safe methods for transmitting and storing the information. Leaked API keys could potentially give an outsider access to large amounts of sensitive data.

We do not consider normal email to be a secure way to share such information, so we strongly recommend that all Canvas developers and partners use alternative, more secure means for handling and sharing sensitive data, which adhere to GDPR regulations.

Here are some suggestions:

  • Ask customers to add apps themselves: You may ask your clients to register applications in their account themselves. This avoids the sending of credentials over the internet, as the client can register the information directly into their Canvas account.
  • Use secure sharing methods: If sensitive data must be shared, we recommend using more secure methods (not email).