About
As of May 2026, Instructure has begun updating support for inherited API developer keys in Canvas. As a result, Kaltura is deprecating the use of the Kaltura Inherited API Developer Key in Canvas integrations.
This article explains how to migrate an existing Canvas integration from an Inherited API key to a Scoped API Developer Key and disable the inherited key.
After completing this procedure, users may be prompted to authorize Kaltura again the first time they access My Media or Media Gallery in Canvas.
Need the full setup guide?
This article covers the standalone migration process to a Scoped API Developer Key. If you are performing a first-time installation or want to see how this step fits into the complete end-to-end integration, see Set up Kaltura LMS Video integration LTI 1.3 in Canvas.
Check whether your integration uses an Inherited key
- Log into your KAF Configuration Management console and open the Canvas module. You can also navigate directly: (https://{your_KAF_base_URL}/admin/config/tab/canvas).
- Scroll down to the useScopedKey setting.

The Canvas page displays.


- If useScopedKey is set to 'Yes', your integration already uses a Scoped API Developer Key.
- If useScopedKey is set to 'No', your integration uses the Inherited Canvas API key and should be migrated.
Migrate to a Scoped API Developer Key
Step 1 - Create a Scoped API Developer Key
- Log into Canvas as an administrator.
- Navigate to the Developer Keys page.
- On the Developer Keys page, click + Developer Key and select + API Key from the drop-down menu.
- Configure the following:
The 'Key Settings' page displays.
- Key Name - Kaltura Scoped API Key
- Owner Email - Optional
- Redirect URLs - Enter the following four KAF URLs:
- For the {your_KAF_base_URL} use your PID-based KAF domain or your KAF domain alias or vanity domain, if applicable.
- Make sure there is no / (slash) at the end of the URL.
- https://{your_KAF_base_URL}/canvas/index/create-token-from-code/target/browseandembed
- https://{your_KAF_base_URL}/canvas/index/create-token-from-code/target/browseandembed?type=quiz
- https://{your_KAF_base_URL}/canvas/index/create-token-from-code/target/course-gallery
- https://{your_KAF_base_URL}/canvas/index/create-token-from-code/target/my-media
- Vendor Code (LTI 2) - Leave blank
- Icon URL - Optional
- Notes - Optional
- Test Cluster Only - Leave unchecked
- Client Credentials Audience - Select Canvas
Your Key Settings will now look similar to the following:

5. Scroll to the top of the page. If Enforce Scopes is not enabled (the toggle is not green and checked), click the toggle to enable it.

The 'Enforce Scopes' section expands.

Leave Allow Include Parameters unchecked.
6. Scroll down to Courses and click to expand.
7. Check the following scopes:
- url:GET|/api/v1/courses
- url:GET|/api/v1/courses/:id

8. Scroll down to Users and click to expand.
9. Check the following scope:
- url:GET|/api/v1/users/:user_id/profile

10. Click Save.
The 'Developer Key Created' message displays:
11. Copy the API Developer Key secret and store it in a secure location.
Make sure to copy the API Developer Key before closing the dialog box. After the dialog box is closed, the key can no longer be viewed.
12. Click Close.
The 'Developer Keys' page displays.
13. Select the Account tab.

14. Locate the Scoped API Developer Key you created and click the State toggle to turn on the key.
A confirmation message appears.
15. Click Switch to On.
When enabled, the toggle turns green.
Step 2 - Set API developer key in Canvas module
- Log into your Configuration Management console and open the Canvas module. You can also navigate directly: (https://{your_KAF_base_URL}/admin/config/tab/canvas).
- Scroll down to the useScopedKey field and set it to 'Yes'.
- Set the enableUserProfileScope field to 'Yes'.
- Fill in the customAppId and customAppKey fields using the Client ID and API Developer Key secret for the Scoped API Developer Key you created above:

The 'Canvas' page displays.

This exposes the Canvas Account API Developer Key settings.
This setting works with the Canvas user profile scope configured when creating the Scoped API Developer Key and helps prevent repeated authorization prompts when users switch between Canvas environments or Kaltura tools.
- In Canvas, navigate to the Developer Keys page and locate the Canvas API Developer Key you created.
- Copy the Client ID and paste it into the customAppId field in the Canvas module.
- Copy the API Developer Key secret that you saved when creating the Scoped API Developer Key and paste it into the customAppKey field in the Canvas module.

The Canvas module useScopedKey section should now look like this:

5. Scroll to the bottom of the Canvas module and click Save.
Step 3 - Turn off the inherited Kaltura developer key
After confirming that the Scoped API Developer Key is configured in the Canvas module, disable the inherited Kaltura developer key.
- Log into Canvas as an administrator.
- Navigate to the Developer Keys page.
- Select the Inherited tab.
- In the search box, enter 'Kaltura'.
- Click the State toggle to turn off the key.
- Click Switch to Off to complete the action.

If no results display, click Show All Keys.
The Inherited Kaltura API Developer Key is listed (for example, Kaltura - 2026-04-30 22:24:54 UTC).
A confirmation message displays.
When disabled, the toggle turns gray.
Test the integration
After implementing a new API Developer Key, users are prompted to authorize Kaltura again the first time they launch My Media or Media Gallery.
- Log into Canvas.
- Locate the button for the Kaltura My Media Tool
- Click on the button to launch the tool
- Click Authorize.
A popup displays similar to the one pictured below.
My Media opens and displays the media available to the user and a new Account Token is created for the user.
If the authorization prompt does not display or an error occurs, contact Kaltura Customer Support.