Skip to main content

Authentication

AniAPI uses JSON Web Tokens to authenticate requests. Each JWT is referred to an user id and is valid for 30 days. When a JWT expires, the user should login again to obtain a new one.

You can obtain your JWT on your profile page.

Authentication on secured endpoints is managed with HTTP Bearer Auth, which expects the use of Authorization HTTP header:

  curl -i https://api.aniapi.com/v1/user_story -H "Authorization: Bearer <YOUR_JWT>"

Validation#

Since JWTs have an expiration time, you will have to validate your JWT before making requests to the API. Therefore you will need to make a validation request to https://api.aniapi.com/v1/auth/me in order to find out if your JWT is still usable.

Example request
curl -i https://api.aniapi.com/v1/auth/me -H "Authorization: Bearer <YOUR_JWT>"

If your JWT is valid you will get a response like below:

Example response
{    "status_code": 200,    "message": "Hi Dazorn",    "data": {        "username": "Dazorn",        "id": 1,        //...    },    "version": "1"}

OAuth#

AniAPI gives the possibility to access protected endpoints from third-party apps.

You can view and manage all your clients on the developer page, after signing in.

Do I need to use OAuth?#

If you want to allow users to login with their AniAPI acccount and have complete access on their data you will need to use OAuth. Otherwise, if your application's scope is read-only on public data, you won't need it.

Which grant type should I use?#

It depends on the environment where your app is running: