canva-data-handling
Installation
SKILL.md
Canva Data Handling
Overview
Handle Canva Connect API data responsibly. The API exposes user identifiers, design metadata, design content (via exports), uploaded assets, and comments. Apply proper classification, retention, and privacy controls.
Data Classification — Canva API Responses
| Data Type | Source Endpoint | Sensitivity | Handling |
|---|---|---|---|
| User ID, Team ID | GET /v1/users/me |
Internal | Don't expose externally |
| User profile | GET /v1/users/me/profile |
PII | Encrypt at rest, minimize |
| Design metadata | GET /v1/designs |
Business | Standard protection |
| Design content | Export URLs from /v1/exports |
Confidential | Time-limited URLs, don't cache |
| OAuth tokens | /v1/oauth/token |
Secret | Encrypt, never log |
| Asset files | /v1/asset-uploads |
Business | Validate, scan for malware |
| Comments | /v1/designs/{id}/comment_threads |
PII | May contain personal data |
| Webhook payloads | Incoming POST | Mixed | Verify signature first |