And because CordChat’s CDN cached everything aggressively, those private images had already been served as thumbnails in public channels, reposted by bots, and saved to user libraries.
The SDK was elegant. OAuth 2.1 with a custom PKCE extension. A shared JWT that carried both the user’s Artify asset manifest and their CordChat role permissions. The killer feature: "Live Canvas," where five friends could edit the same Picsart-style image inside a CordChat voice channel. picsart account discord sdk
The press, however, got a different version. Artify’s CTO published a post-mortem titled “On Scope and Trust: Lessons from the Canvas SDK Handshake.” It became required reading for every developer using their API. A shared JWT that carried both the user’s
That “all” included Scrapbook—Artify’s equivalent of a private, unlisted folder where users dumped unfinished, personal, or NSFW experiments. Artify’s CTO published a post-mortem titled “On Scope