+-------------------+                                          +---------------+
|                   |----------- Authorization Grant --------->|               |
|                   |<---------- Authorization Code -----------|               |
|                   |                                          |               |
|                   |                                          |               |
|                   |-------------- Access Token ------------->|               |
|                   |<---------- Protected Resource -----------|               |
|      Client       |                                          |               |
| (your mobile app) |                                          |   Shikimori   |
|   (or website)    |-------------- Access Token ------------->|               |
|                   |<---------- Invalid Token Error ----------|               |
|                   |            (token is expired)            |               |
|                   |                                          |               |
|                   |                                          |               |
|                   |------------- Refresh Token ------------->|               |
|                   |<----------- New Access Token ------------|               |
|                   |              & Refresh Token             |               |
+-------------------+                                          +---------------+
In your application, redirect the user to the Shikimori authorization page.
https://shikimori.one/oauth/authorize?client_id=CLIENT_ID&redirect_uri=REDIRECT_URI&response_type=code&scope=
There the user must authorize your application so that you can receive an authorization code.
curl -X POST "https://shikimori.one/oauth/token" \
-H "User-Agent: APPLICATION_NAME" \
-F grant_type="authorization_code" \
-F client_id="CLIENT_ID" \
-F client_secret="CLIENT_SECRET" \
-F code="AUTHORIZATION_CODE" \
-F redirect_uri="REDIRECT_URI"
The Access Token expires in 1 day.
When your Access Token has expired, you will get a 401 status code with the message:
{"error":"invalid_token","error_description":"The access token is invalid","state":"unauthorized"}
curl -X GET https://shikimori.one/api/users/whoami \
-H "User-Agent: APPLICATION_NAME" \
-H "Authorization: Bearer ACCESS_TOKEN"
Use your Refresh Token to obtain a new Access Token and Refresh Token.
curl -X POST "https://shikimori.one/oauth/token" \
-H "User-Agent: APPLICATION_NAME" \
-F grant_type="refresh_token" \
-F client_id="CLIENT_ID" \
-F client_secret="CLIENT_SECRET" \
-F refresh_token="REFRESH_TOKEN"