Skip to content

Deployment Checklist

Pre-launch checklist for Canva apps and integrations.

Apps SDK Checklist

Code Quality

  • [ ] TypeScript strict mode enabled
  • [ ] No console.log statements in production code
  • [ ] All API calls have error handling
  • [ ] Loading states implemented for all async operations
  • [ ] Empty states implemented

Security

  • [ ] All HTTP requests verified with JWT middleware
  • [ ] No secrets hardcoded in frontend code
  • [ ] CORS configured correctly on backend
  • [ ] Rate limiting implemented on backend endpoints
  • [ ] Input validation on all backend endpoints

App Listing

  • [ ] App icon: 1024x1024px PNG, no rounded corners
  • [ ] Featured image: 1920x960px
  • [ ] App name: clear and descriptive
  • [ ] Short description: under 120 characters
  • [ ] Long description: complete and compelling
  • [ ] Privacy policy URL provided
  • [ ] Terms of service URL provided

Testing

  • [ ] Tested in Canva editor (not just locally)
  • [ ] Tested with multiple user accounts
  • [ ] Tested edge cases (network errors, empty states)
  • [ ] Authentication flow tested end-to-end
  • [ ] Drag and drop tested (if applicable)
  • [ ] Mobile/tablet responsive (if applicable)

Submission

  • [ ] All submission checklist items complete
  • [ ] App review guidelines reviewed
  • [ ] Developer contact email configured

Connect API Checklist

Integration

  • [ ] OAuth flow tested with real user accounts
  • [ ] Token refresh logic implemented and tested
  • [ ] All API errors handled gracefully
  • [ ] Webhook signature verification implemented
  • [ ] Rate limiting respected (implement exponential backoff)

Production

  • [ ] Client secret stored in environment variables
  • [ ] Refresh tokens stored securely
  • [ ] Monitoring and alerting configured
  • [ ] API response caching implemented where appropriate

Canva Developer Documentation SOP Site