nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Child Item

Upcoming API Changes: Live Events Content-Type and User-Agent Requirement Expansion

Gergely Schmidt

To improve consistency, observability, and security across Instructure developer platforms, we are announcing two upcoming API changes.

Per the Instructure API policy, both changes will take effect 90 days after this announcement, at 2026-07-13.

These updates affect:

Canvas Live Events
Data Access Platform (DAP) Query API

Please review the changes below and update your integrations if necessary.

1. Canvas Live Events: Content-Type change for JWT-signed events

When Canvas Live Events are configured to use JWT signing for HTTP delivery, the Content-Type header will change.

Current behavior

Content-Type: application/json

New behavior (when JWT signing is enabled)

Content-Type: application/jwt

This change reflects the actual payload format when JWT signing is enabled.

Why this change?

When JWT signing is used, the payload is no longer a plain JSON body but a JWT token containing the event data. Updating the header makes the response type accurate and easier for receiving systems to process correctly.

What you may need to change

If your system validates or routes events based on the Content-Type header, ensure it supports:

application/jwt

The event payload and JWT structure themselves are not changing.

Documentation: Canvas Live Events setup

2. User-Agent header requirement expanding to additional APIs

In September 2025 we announced enforcement of the User-Agent header for Canvas API requests.

We are now extending this requirement to additional developer-facing APIs.

The following APIs will require a valid User-Agent header:

Canvas API (already announced)
Data Access Platform (DAP) Query API

Documentation:

DAP Query API

Exception:

If you are a DAP CLI or DAP Client Library user then you are covered by the User Agent requirement because they already send User Agent headers.

What happens if a User-Agent header is missing?

Requests that do not include a valid User-Agent header will receive a 403 response.

Example:

HTTP 403
{
  "error": "Forbidden",
  "message": "You are not authorized to access this site because you have not provided a valid user agent."
}

Why we require User-Agent headers

User-Agent headers help us:

Identify and troubleshoot problematic integrations
Contact developers if an integration causes service issues
Improve platform observability and reliability
Maintain fair and stable platform usage

Recommended format

We recommend using a descriptive format such as:

User-Agent: MyApp/1.2 (company-name; support@company.com)

Timeline

These changes will go into effect 90 days after this announcement, in accordance with the Instructure API policy.

After the enforcement date:

Live Events with JWT signing will return Content-Type: application/jwt
DAP APIs will require a User-Agent header

What you should do now

Developers should:

Ensure their Live Events receivers support application/jwt
Add a valid User-Agent header to all API requests if they are missing
Verify automated jobs, SDKs, and scripts include this header

Questions or feedback

If you have questions, please reach out in the developer community or contact the Instructure developer relations team.

Find more posts tagged with

Canvas LMS

Canvas Data

Comments

marco_divittori

@Gergely Schmidt can all schema changes be applied via sync_db or do we need to run initdb for any tables? Thanks

maria2025s

no entiendo nada

dbrace

@Gergely Schmidt, are you able to provide an English to Spanish translation?

-Doug

Gergely Schmidt

Hi @dbrace we don't provide translation for content like this. I would recommend to use the browser based translation services in case English language is the problem not the content.

Gergely Schmidt

Hi @marco_divittori!

All updates are going to happen through an incremental update, so a sync_db in that case should handle those. However there is going be a bigger incremental update, make sure your server won't ran out of storage while it stores the temporary files to load the data into the database of your choice.

Child Item