Introduction

If you want to act as another user in chat, access a user's private resources as part of your app, or just want to use Mixer credentials to authenticate your users, it's best to use OAuth so the users' credentials don't need to be stored on your servers.

OAuth is a system that replaces traditional user/password combos with app-specific tokens. Your app can request a set of tokens for a certain user with a specific set of permissions. This way your app only gets access to what it needs, and all other details stay hidden. It's a win-win for both your app's functionality and our users' privacy.

To start using OAuth, create an application as described below.

Registering Your Application

To create an application, head over to your OAuth Clients page. Once there, click the blue "Create New Client" button and it'll open the creation form.

On this page you'll need to enter some basic details about your application, like its name, website and logo. All of these details will be displayed publicly to users of your app.

Hosts

The hosts parameter is an important one; it tells us which domains your application can redirect to. This should be set to domains you control. You can use wildcards. For example, *.mixer.com will allow redirects to all subdomains of mixer.com, but not to mixer.com itself. You can enter multiple hosts by separating them with commas.
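
The wildcard rule above, written out as a check an app could run on its own redirect URI before starting the flow. This is an added example, not Mixer's server-side matcher; the function name, the http/https restriction, the backslash rejection and the treatment of multi-level subdomains as matching are assumptions.

```python
from urllib.parse import urlsplit

def host_allowed(redirect_uri, hosts_field):
    """True if redirect_uri's host matches the comma-separated hosts list."""
    # Reject characters that URL parsers disagree on (assumption of this example).
    if "\\" in redirect_uri or any(c.isspace() for c in redirect_uri):
        return False
    try:
        parts = urlsplit(redirect_uri)
        host = (parts.hostname or "").rstrip(".")   # hostname is already lowercased
    except ValueError:                              # malformed authority
        return False
    if parts.scheme not in ("http", "https") or not host:   # assumption: web schemes only
        return False
    for pattern in (p.strip().lower() for p in hosts_field.split(",")):
        if pattern.startswith("*."):
            suffix = pattern[1:]                    # "*.mixer.com" -> ".mixer.com"
            # Require the dot boundary plus at least one extra label, so the bare
            # domain and look-alikes such as "evilmixer.com" do not match.
            if host.endswith(suffix) and len(host) > len(suffix):
                return True
        elif pattern and host == pattern:
            return True
    return False

# Constructed sample inputs (not from the original page).
SAMPLES = [
    "https://app.mixer.com/cb",               # subdomain: allowed
    "https://mixer.com/cb",                   # bare domain: not covered by the wildcard
    "https://evilmixer.com/cb",               # suffix look-alike
    "https://app.mixer.com.evil.example/cb",  # allowed name used as a prefix
    "https://app.mixer.com@evil.example/cb",  # allowed name in the userinfo part
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(host_allowed(uri, "*.mixer.com"), uri)
```

The check compares the parsed hostname, never a substring of the whole URI, which is why the last three samples are rejected.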

Using OAuth

The OAuth 2.0 protocol is simple enough, but that doesn't mean you should implement it from scratch. Most popular languages have a library for interfacing with an OAuth server. A partial list of suggested clients can be found on this website. If you're interested in reading an in-depth explanation of how OAuth works, head here.

We strongly advise you to use an existing OAuth client library whenever possible, rather than writing your own implementation. OAuth is hard to securely implement, and the time you spend trying to do so would be better spent building something awesome.

"To be clear, OAuth 2.0 at the hand of a developer with deep understanding of web security will likely result in a secure implementation. However, at the hands of most developers – as has been the experience from the past two years – 2.0 is likely to produce insecure implementations."

Eran Hammer

To use our OAuth implementation you'll just need the URLs which can be found at the top of this page and your token from the OAuth Clients page.

Authenticating with a short code

For convenience, we also provide an alternative authentication method where the user is prompted to enter a temporary code to approve your application. This method makes sense for situations where it is more difficult to embed a browser or require keyboard input from the user.

  1. Your application sends a POST request to the /oauth/shortcode endpoint to receive a short-lived, six-digit code and a longer handle.
  2. Your application asks the user to go to mixer.com/go and enter the code.
  3. Your application polls /oauth/shortcode/check/{handle} with the value of handle to check if the code has been used.
  4. If the user entered the code and accepted your application, you will receive an OAuth authorization code, code, which you will then pass to the /oauth/token endpoint through the standard authorization_code process.
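
A sketch of the polling in step 3 and the hand-off to step 4, bounded by the code's lifetime and failing closed on anything unexpected. This is an added example, not Mixer's client code: the check callable, the expires_in value and the meaning given to each HTTP status (200 approved, 204 pending, 403 denied, 404 expired) are assumptions, and the responses are constructed so it runs offline.

```python
import time

class ShortcodeError(Exception):
    """Terminal failure of the short code flow."""

def wait_for_code(check, handle, expires_in, interval=2.0,
                  sleep=time.sleep, clock=time.monotonic):
    """Poll step 3 until approval and return the authorization code for step 4.

    check(handle) is a caller-supplied function (hypothetical) that performs
    GET /oauth/shortcode/check/{handle} and returns (http_status, json_or_None).
    Status meanings are assumptions: 200 approved, 204 pending, 403 denied,
    404 expired or unknown handle.
    """
    deadline = clock() + expires_in          # never poll past the code's lifetime
    while clock() < deadline:
        status, body = check(handle)
        if status == 200:
            code = (body or {}).get("code")
            if not code:
                raise ShortcodeError("approval response carried no code")
            return code
        if status == 403:
            raise ShortcodeError("user denied the application")
        if status == 404:
            raise ShortcodeError("handle expired or unknown")
        if status != 204:                    # fail closed on anything unexpected
            raise ShortcodeError(f"unexpected status {status}")
        sleep(interval)
    raise ShortcodeError("short code expired before approval")

def simulate(responses, expires_in=120, interval=2.0):
    """Run the poller against constructed responses with a fake clock (offline)."""
    now = [0.0]
    queue = iter(responses)
    def check(handle):
        return next(queue, (204, None))      # keep answering "pending" once exhausted
    def sleep(seconds):
        now[0] += seconds
    try:
        return wait_for_code(check, "constructed-handle", expires_in, interval,
                             sleep=sleep, clock=lambda: now[0]), now[0]
    except ShortcodeError as exc:
        return str(exc), now[0]

if __name__ == "__main__":
    print(simulate([(204, None), (204, None), (200, {"code": "constructed-auth-code"})]))
```

Only the six-digit code is meant for the user's eyes; the handle is what ties your polling to the approval, so keep it out of logs and on-screen output.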

OAuth Scopes

To request access to a user's account you need to use scopes. Scopes limit the amount of access a certain application has to the account. The full list of scopes that can be requested is given below, and the scopes are also listed on the endpoints themselves in the REST API reference.

Scope                       Description
achievement:view:self       View your earned achievements.
channel:analytics           View analytics for a channel.
channel:analytics:self      View your channel analytics.
channel:costream:self       Manage your costreaming requests.
channel:deleteBanner        Delete a channel's banner.
channel:deleteBanner:self   Delete your channel banner.
channel:details:self        View your channel details.
channel:follow:self         Follow and unfollow other channels.
channel:partnership         Create and view partnership applications.
channel:partnership:self    Manage your partnership status.
channel:streamKey:self      View your channel's stream key.
channel:update:self         Update your channel settings.
chat:bypass_links           Bypass links being disallowed in chat.
chat:bypass_slowchat        Bypass slowchat settings on channels.
chat:change_ban             Manage bans in chats.
chat:change_role            Manage roles in chats.
chat:chat                   Interact with chats on your behalf.
chat:clear_messages         Clear messages in chats where authorized.
chat:connect                Connect to chat.
chat:edit_options           Edit chat options, including links settings and slowchat.
chat:giveaway_start         Start a giveaway in chats where authorized.
chat:poll_start             Start a poll in chats where authorized.
chat:poll_vote              Vote in chat polls.
chat:purge                  Clear all messages from a specific user in chat.
chat:remove_message         Remove your own and others' messages in chat.
chat:timeout                Change timeout settings in chats.
chat:view_deleted           View deleted messages in chat.
chat:whisper                Gives the ability to whisper in a channel.
interactive:manage:self     Create, update and delete the interactive games in your account.
interactive:robot:self      Run as an interactive game in your channel.
invoice:view:self           View the user's invoices.
log:view:self               View and manage your security log.
notification:update:self    Create and manage your notifications.
notification:view:self      View your notifications.
recording:manage:self       Manage the user's VODs.
redeemable:create:self      Create redeemables after performing a purchase.
redeemable:redeem:self      Use the user's redeemable.
redeemable:view:self        View the user's redeemables.
resource:find:self          View emoticons and other graphical resources you have access to.
subscription:cancel:self    Cancel your subscriptions.
subscription:create:self    Create new subscriptions.
subscription:renew:self     Renew your existing subscriptions.
subscription:view:self      View who you're subscribed to.
team:administer             Administrate teams the user has rights in.
team:manage:self            Create, join, leave teams and set the user's primary team.
transaction:cancel:self     Cancel pending transactions.
transaction:view:self       View your pending transactions.
type:viewHidden             Gives the ability to view hidden types in ES.
user:analytics:self         View your user analytics.
user:details:self           View your email address and other private details.
user:getDiscordInvite:self  View the user's Discord invites.
user:log:self               View your user security log.
user:notification:self      View and manage your notifications.
user:seen:self              Mark a VOD as seen for the user.
user:update:self            Update your account, including your email but not your password.
user:updatePassword:self    Update your password.

Need more help?

If you're still not sure, or would like some help, hit us up on Gitter!