Security enhancements to IP Vault and new Gemini 3.1 Flash Live STS model for Convo mode
API Documentation
Runtime API
- GETInitiate SSO login
- POSTSSO callback
- POSTGitHub Marketplace webhook receiver
- GETStart the Google Services (per-user) OAuth consent flow
- GETGoogle Services OAuth callback
- GETValidate the caller's stored Google Services token
- DELRevoke the caller's stored Google Services token
- GETStart the Google OAuth flow for an institution-level token
- GETValidate an institution's stored Google token
- DELRevoke an institution's stored Google token
- GETComplete the Canvas LMS API authorization handoff
Administrator API
- GETInitiate SSO login
- POSTSSO callback
- POSTGitHub Marketplace webhook receiver
- GETStart the Google Services (per-user) OAuth consent flow
- GETGoogle Services OAuth callback
- GETValidate the caller's stored Google Services token
- DELRevoke the caller's stored Google Services token
- GETStart the Google OAuth flow for an institution-level token
- GETValidate an institution's stored Google token
- DELRevoke an institution's stored Google token
- GETComplete the Canvas LMS API authorization handoff
curl --request GET \
--url https://pria.praxislxp.com/api/auth/token_complete"<string>"Complete the Canvas LMS API authorization handoff
Canvas redirects the user’s browser here after they authorize Pria to call the
Canvas API on their behalf (Canvas OAuth2 authorization-code flow). The handler
exchanges the supplied code for a Canvas API access token, stores it on the
caller’s UserInstitution.canvasApiToken, writes a history entry recording the
successful authentication, and returns a small HTML page that closes the popup
and signals the parent window to retry the request that triggered the auth.
This is not a Pria login flow — the user is already signed in with a valid
Pria JWT before being sent to Canvas. The state parameter carries the Pria
user’s _id so the backend can look up which user to attach the Canvas token
to without relying on the session.
Configuration requirements: the user’s institution (or its parent account)
must have canvasClientId and canvasClientSecret set, and a derivable Canvas
API domain (an instructure.com URL or a .edu vanity URL in
publicAuthorizedUrls).
curl --request GET \
--url https://pria.praxislxp.com/api/auth/token_complete"<string>"Documentation Index
Fetch the complete documentation index at: https://docs.praxis-ai.com/llms.txt
Use this file to discover all available pages before exploring further.
Query Parameters
Canvas OAuth authorization code to exchange for an access token.
Pria user _id — set during the original consentUrl generation so this
callback can find which Pria user to attach the Canvas token to.
Set by Canvas when the user denies the consent screen.
Human-readable failure reason that accompanies error.
Response
Canvas token stored successfully. Returns an HTML page (TOKEN_SUCCESS_HTML)
that closes the popup window and signals the opener to retry.
The response is of type string.
Was this page helpful?