University Suspends Students for AI Homework Tool It Gave Them $10,000 Prize to Make The school “figured out that the Eightball program accesses the Canvas data through the Canvas user generated token, which is essentially users’ Emory credentials that give full access to everything users can access on Canvas. This user generated token is considered a highly restricted user credential tool and sharing it to any outside party is a violation of Canvas terms and IT policies.” API tokens are sensitive, but API tokens exist exclusively for users to connect accounts to outside services—what the Honor Council is describing is essentially the only use for an API token, and is a feature of Canvas which the Honor Council wrote “is not something that they can turn off.” Canvas’s own documentation explains to students how they can use use API tokens to connect their accounts to other apps: “Access tokens provide access to canvas resources through the Canvas API. Access tokens can be generated automatically for third-party applications or created manually.”