Authorization Code Grant
Once you have created an application, you can use your client ID and client secret to request an authorization code.
Redirecting for authorization
The first step is to redirect the user to the authorization URL https://anilist.co/api/v2/oauth/authorize
with the required parameters.
<a href="https://anilist.co/api/v2/oauth/authorize?client_id={client_id}&redirect_uri={redirect_uri}&response_type=code">Login with AniList</a>
$query = [
'client_id' => '{client_id}',
'redirect_uri' => '{redirect_uri}', // http://example.com/callback
'response_type' => 'code'
];
$url = 'https://anilist.co/api/v2/oauth/authorize?' . urldecode(http_build_query($query));
// ...
echo "<a href='$url'>Login with Anilist</a>";
client_id
- The client ID of your applicationredirect_uri
- The redirect URI of your application.
WARNING
The redirect URI you use in your authorization request must exactly match the redirect URI you used in your application settings.
User Approval
Once the user has been redirected, they will be shown a page asking them to approve your application. If the user is not logged in, they will be prompted to log in first.
Once the user has approved your application, they will be redirected back to the redirect URI you specified. Their redirect will contain a code
query parameter representing the authorization code. In the next step, you will exchange this code for an access token.
Converting codes to tokens
Once you have an authorization code, you can exchange it for an access token. To do this, you will need to make a POST request to the https://anilist.co/api/v2/oauth/token
endpoint. The request body should include the authorization code that was issued by AniList along with the client ID and client secret of your application.
const fetch = require('node-fetch');
fetch("https://anilist.co/api/v2/oauth/token", {
method: "POST",
headers: {
"Content-Type": "application/json",
"Accept": "application/json"
},
body: JSON.stringify({
"grant_type": "authorization_code",
"client_id": "{client_id}",
"client_secret": "{client_secret}",
"redirect_uri": "{redirect_uri}", // http://example.com/callback
"code": "{code}", // The Authorization Code received previously
})
}).then(handleResponse);
function handleResponse(response) {
if (response.statusCode == 200) {
console.log(response.body.access_token);
}
}
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
$http = new GuzzleHttp\Client;
$response = $http->post('https://anilist.co/api/v2/oauth/token', [
'form_params' => [
'grant_type' => 'authorization_code',
'client_id' => '{client_id}',
'client_secret' => '{client_secret}',
'redirect_uri' => '{redirect_uri}', // http://example.com/callback
'code' => '{code}', // The Authorization code received previously
],
'headers' => [
'Accept' => 'application/json'
]
]);
return json_decode($response->getBody())->access_token;
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
client_id
- The client ID of your applicationclient_secret
- The client secret of your applicationredirect_uri
- The redirect URI of your applicationcode
- The authorization code received from the user
The response will contain an access_token
field with a JWT token. With this token, you can make authenticated requests to the AniList API.