Account
Sign up, sign in, email verification, profile, OAuth, account deletion and data export.
Sign up
Sign up at https://www.canalapi.com via one of two entry points:
- Email + password — receive a one-time code by email; passwords are at least 8 characters.
- Third-party (OAuth) — currently GitHub and Google. After authorization you go straight into the console.
The flow is protected by a human-check challenge (Cloudflare Turnstile). If you arrive through a referral link, the referral code is auto-filled.
Email verification
- For email-password sign-up, the one-time code is sent to your registration email and is typically valid 5 – 10 minutes.
- If you don't receive it, check spam / promotions, then use Resend (subject to rate limiting).
- The account can only call the API after verification.
Sign in
- Email + password — default entry point; if 2FA is enabled you'll be prompted for the second factor.
- Third-party — same buttons as sign-up; existing accounts sign in directly, new identities are linked into an existing email account.
- Remember me — extends the session duration. You can revoke other sessions anytime from Security.
Forgot password
Click Forgot password on the sign-in page → enter your email → set a new password via the link in the email. See Security → Forgot password for details.
Profile
Under Console → Settings → Profile you can update:
- Display name
- Email (changes require re-verifying the new address)
- Avatar URL
- Preferred language (zh-CN / en / ja)
- Time zone (affects how dates display in the console)
- Reference currency (display-only; does not change the billing currency)
- Company name (auto-fills invoices)
- Default model (pre-fills certain console controls)
- Theme (dark / light / system)
Unsaved edits show an Unsaved changes banner — just confirm to save.
Notification preferences
Under Settings → Preferences you can toggle:
- Daily / weekly usage summaries
- Error spike alerts
- Low-balance alerts (with custom threshold)
- New-device login alerts
- Product news
SMS notifications (where available) are managed under Settings → SMS, including phone-number binding and opt-in status.
Third-party account management
If you have both GitHub and Google linked:
- The list of linked providers is visible under Settings → Profile.
- Before unlinking, make sure at least one sign-in method remains usable.
Security
Change password, 2FA, active sessions, trusted devices — see Security.
Delete account and export data
CanalAPI supports the following user-initiated privacy actions:
Data export
Settings → Account → Request export exports your account metadata (profile, key list, recent billing / usage summaries).
- The job runs asynchronously; a download link is emailed when ready.
- Exports do not include prompt / completion content (none is retained).
- Export requests are rate-limited per account.
Delete account
Settings → Account → Delete account:
- Click delete; the account enters a pending deletion state with a cooling-off window.
- You can cancel deletion any time during the window.
- After the window the account and all associated data are permanently removed: API keys revoke, subscriptions terminate.
- If you have remaining balance, request a refund or exhaust it before the deletion completes.
Deletion is irreversible once the cooling-off window passes. We recommend exporting your data and downloading past invoices first.
Compliance and invoicing
CanalAPI is operated by a Japan-incorporated entity. Invoices are issued under Japanese tax law (Qualified Invoice / 適格請求書). For specific billing entity, tax ID, or invoice format, configure them on Billing → Profile before topping up — see Billing.