The Change Log page displays previous API and CLI changes The heading date indicates the date that the API or CLI code was made available in the production environment.
2026-04-18
Announcement Date: 2025-12-18
Beta Availability: Gradual rollout began 2025-11-01
Updated on 2026-01-05: Changed production date from 2026-02-21 to 2026-04-18.
Changed
GET Requests with a body are rejected with a 403 status code
Platform infrastructure is transitioning to utilize AWS CloudFront (CDN) for application delivery to ensure continued performance and scalability. This is a change to the underlying infrastructure that is available in Beta and Test environments and will be gradually rolled out to most accounts in Production in January 2026. In almost all cases, this requires no action from customers or vendors and is entirely transparent to users.
This update includes one known side effect that impacts a very small subset of Canvas API users:
GET requests cannot have a body. This is how AWS interprets the definition in RFC 9110 and RFC 7231 that "A payload within a GET request message has no defined semantics; sending a payload body on a GET request might cause some existing implementations to reject the request." The CDN will respond with a 403 to these requests.
Any account identified as receiving GET API requests with a body, rather than using query parameters, will not be included in the January rollout. This behavior is very rare. Affected accounts will have until February 21, 2026 to update integrations accordingly, and will be notified and will be notified via notice in the Developer Keys page as well as via their CSM. Examples of the required adjustments are available in the related resource. If you don’t hear about this from your CSM or otherwise, you most likely are not affected and do not need to do anything.
Related Resource: Improving Canvas Infrastructure with a Content Delivery Network
2026-03-21
User-Agent Header Enforcement
Announcement Date: 2026-01-12
Beta Availability: 2025-10-01
To strengthen API security and governance, all HTTP requests must include a User-Agent header. Requests without this header are rejected in Beta as of October 1, 2025, and in Production on March 21, 2026.
Related Resource: Enforcing User-Agent Header for Canvas API Requests
2026-01-17 [Delayed as of 2026-01-09]
Updated: Changed Production release date from 2026-01-01 to 2026-01-17.
Announcement Date: 2025-10-09
Beta Availability: 2025-10-01
User-Agent Header Enforcement
To strengthen API security and governance, all HTTP requests must include a User-Agent header. Requests without this header are rejected in Beta as of October 1, 2025, and in Production on January 1, 2026.
Related Resource: Enforcing User-Agent Header for Canvas API Requests
