This document is translated by the community. You can contribute on Crowdin. We appreciate your cooperation 🙏.
Obtaining an Access Token by Creating an App (Legacy)
This document explains how to obtain an access token in versions of Misskey prior to the introduction of MiAuth (before v12.27.0) and OAuth (before v2023.9.0).
This legacy method is required for versions prior to v12.27.0.
1. Creating an Application
Send a request to the app/create
endpoint to obtain an appSecret
.
{
// App name
"name": "test",
// App Description
"description": "my test application",
// App Permissions
"permission": ["write:notes"]
}
Specifying a callbackUrl
in the body of this object will cause the completed authorization request to redirect to that URL, passing a token
in the query string.
2. Authorizing Clients
POST the appSecret
to the auth/session/generate
endpoint.
{
"appSecret": "fAb12cD34Ef56gH78Ij16kL32Mn64oPf"
}
A token
(for the sake of example we'll choose 798b9f6e-248d-43a7-a919-fabc664027f1
) and a URL will be returned. To authorize the client, navigate to the URL in a web browser and allow access.
3. Obtaining an accessToken
Once you have completed Step 2, POST the appSecret
and the token
to the auth/session/userkey
endpoint.
{
"appSecret": "fAb12cD34Ef56gH78Ij16kL32Mn64oPf",
"token": "798b9f6e-248d-43a7-a919-fabc664027f1"
}
You will obtain a string accessToken
. You can only obtain an accessToken
once.
4. Generating i
If you are using Node.js, i
can be generated using the following code. Unlike the one obtained from the Control Panel, it is a 64-digit hexadecimal number.
const crypto = require("crypto")
const i = crypto.createHash("sha256")
.update(accessToken + appSecret, "utf8")
.digest("hex")
console.log(i)
5. Trying it out
fetch("https://misskey.io/api/notes/create", {
method: 'POST',
body: JSON.stringify({
i: "/* Insert i here */",
text: "Hello Misskey API World with My Application!"
}),
headers: {
'Content-Type': 'application/json',
},
credentials: 'omit',
});