Authentication
Authorization: Bearer <API_KEY>Create or rotate keys in Settings and Developer. Keys carry full account privileges. Keep them secret.
CanvasGuru API
Use the REST API to manage inventory, create orders, fetch certificates, and subscribe to webhooks. Authenticate with a secret key in the Authorization header using Bearer tokens.
Base URL
https://api.canvasguru.co/v1Versioning
Default version is v1. Breaking changes ship under a new path. Use the base URL above.
All responses are JSON by default.
Endpoints
| Method | Path | Purpose |
|---|---|---|
| GET | /inventory | List works |
| POST | /inventory | Create a work |
| GET | /inventory/{id} | Fetch a work |
| PATCH | /inventory/{id} | Update a work |
| GET | /orders | List orders |
| POST | /orders | Create order |
| GET | /orders/{id} | Fetch order |
| POST | /orders/{id}/capture | Capture payment |
| GET | /certificates/{id} | Fetch certificate |
| GET | /creators | List creators |
| POST | /webhooks/subscribe | Create subscription |
| GET | /webhooks | List subscriptions |
| DELETE | /webhooks/{id} | Delete subscription |
Examples
curl -s https://api.canvasguru.co/v1/inventory \
-H "Authorization: Bearer <API_KEY>"curl -s -X POST https://api.canvasguru.co/v1/orders \
-H "Authorization: Bearer <API_KEY>" \
-H "Content-Type: application/json" \
-d '{
"item_id": "inv_12345",
"buyer_email": "collector@example.com",
"shipping": {"country":"US","postal_code":"10001"}
}'Webhooks
Subscribe to events to keep your systems in sync. Deliveries include signature headers and idempotent ids.
See the full guide for signature verification and retries.
Best practices
- Use idempotency on your side when creating orders to avoid duplicates.
- Validate all incoming webhook signatures before processing.
- Return 2xx from webhook handlers only after you persist the event.
- Filter list endpoints with query params like
?limit=50&starting_after=…when supported.