Help us translate

This document is translated by the community. You can contribute on Crowdin. We appreciate your cooperation 🙏.

Obtaining an Access Token by Creating an App (Legacy)

This document explains how to obtain an access token in versions of Misskey prior to the introduction of MiAuth (before v12.27.0) and OAuth (before v2023.9.0).
This legacy method is required for versions prior to v12.27.0.

1. Creating an Application

Send a request to the app/create endpoint to obtain an appSecret.

{
    // App name
    "name": "test",
    // App Description
    "description": "my test application",
    // App Permissions
    "permission": ["write:notes"]
}

Specifying a callbackUrl in the body of this object will cause the completed authorization request to redirect to that URL, passing a token in the query string.

2. Authorizing Clients

POST the appSecret to the auth/session/generate endpoint.

{
    "appSecret": "fAb12cD34Ef56gH78Ij16kL32Mn64oPf"
}

A token (for the sake of example we'll choose 798b9f6e-248d-43a7-a919-fabc664027f1) and a URL will be returned. To authorize the client, navigate to the URL in a web browser and allow access.

3. Obtaining an accessToken

Once you have completed Step 2, POST the appSecret and the token to the auth/session/userkey endpoint.

{
  "appSecret": "fAb12cD34Ef56gH78Ij16kL32Mn64oPf",
  "token": "798b9f6e-248d-43a7-a919-fabc664027f1"
}

You will obtain a string accessToken. You can only obtain an accessToken once.

4. Generating i

If you are using Node.js, i can be generated using the following code. Unlike the one obtained from the Control Panel, it is a 64-digit hexadecimal number.

const crypto = require("crypto")
const i = crypto.createHash("sha256")
    .update(accessToken + appSecret, "utf8")
    .digest("hex")
console.log(i)

5. Trying it out

fetch("https://misskey.io/api/notes/create", {
    method: 'POST',
    body: JSON.stringify({
        i: "/* Insert i here */",
        text: "Hello Misskey API World with My Application!"
    }),
    headers: {
        'Content-Type': 'application/json',
    },
    credentials: 'omit',
});