Table of Contents
Help us translate

This document is translated by the community. You can contribute on Crowdin. We appreciate your cooperation 🙏.

Obtaining an Access Token via MiAuth

To get an access token for users (hereinafter simply referred to as "users") who will use your application, follow these steps:

Tips

The method described below is called MiAuth, which allows instant access token issuance without creating an app.

Step 1

Generate a UUID. This will be used as the Session ID.

Danger

Generate a new session ID each time and do not reuse them.

Step 2

Display the application authentication form in the user's browser. You can open the authentication form using a URL in the following format:

https://{host}/miauth/{session}

Here,

  • Replace {host} with the user's server host. Usually, the host is input by the user.
  • Replace {session} with the session ID.

You can also set several options as query parameters in the URL:

NameDescription
nameThe name of the application.
iconThe URL of the application's icon image.
callbackThe URL to redirect to after authentication.
The session ID will be added as a session query parameter on redirect.
permissionThe permissions required by the application.
List the required permissions separated by commas.Check the list of permissions here.
https://misskey.io/miauth/c1f6d42b-468b-4fd2-8274-e58abdedef6f?name=MyApp&callback=https%3A%2F%2Fmyapp.example.com%2Fcallback&permission=write:notes,write:following,read:drive

Step 3

After the user grants access to the application, make a POST request to a URL in the following format to receive a JSON response containing the access token.

https://{host}/api/miauth/{session}/check

Here,

  • Replace {host} with the user's server host.
  • Replace {session} with the session ID.

The properties included in the response are as follows:

NameDescription
tokenThe user's access token.
userInformation about the user.