🔒 OAuth Required
Get the user's settings so you can align your app's experience with what they're used to on the trakt website. A globally unique uuid is also returned, which can be used to identify the user locally in your app if needed. However, the uuid can't be used to retrieve data from the Trakt API.
Limits
The limits object is useful to customize your user experience. For example, if the user has a list limit of 2, you might want to show a message to the user that they need to upgrade to Trakt VIP to add more lists.
Permissions
The permissions object is also useful to customize your user experience. In general, an account will have permissions to do everything. However, we'll temporarily set a permission to false if the user triggers spam protections.
| API Key | Label | Last Used | |
|---|---|---|---|
Authentication
If you know what's up with OAuth2, grab your library and starting rolling. If you have access to a web browser (mobile app, desktop app, website), use standard OAuth. If you don't have web browser access (media center plugins, smart watches, smart TVs, command line scripts, system services), use Device authentication.
To obtain a client_id and client_secret, create an application on the Trakt website. Here are some helpful links to get your started:
Authorization Code Flow
📱💻🖥️⌨️
For mobile app, desktop app, website.
Application Flow
- Redirect to request Trakt access. Using the
/oauth/authorizemethod, construct then redirect to this URL. The Trakt website will request permissions for your app and the user will have the opportunity to sign up for a new Trakt account or sign in with their existing account. - Trakt redirects back to your site. If the user accepts your request, Trakt redirects back to your site with a temporary code in a code GET parameter as well as the state (if provided) in the previous step in a
stateparameter. If the states don’t match, the request has been created by a third party and the process should be aborted. - Exchange the code for an access token. If everything looks good in step 2, exchange the
codefor an access token using the /oauth/token method. Save theaccess_tokenso your app can authenticate the user by sending theAuthorizationheader as indicated below or in any example code. Theaccess_tokenis valid for 7 days. Save and use therefresh_tokento get a newaccess_tokenwithout asking the user to re-authenticate.
Device Code Flow
📺⌚️📟🛠️
Device authentication is for apps and services with limited input or display capabilities. This include media center plugins, smart watches, smart TVs, command line scripts, and system services.
Your app displays an alphanumeric code (typically 8 characters) to the user. They are then instructed to visit the verification URL on their computer or mobile device. After entering the code, the user will be prompted to grant permission for your app. After your app gets permissions, the device receives an access_token and works like standard OAuth from that point on. More details below.
Device Flow
- Generate codes. Your app calls /oauth/device/code to generate new codes. Save this entire response for later use.
- Display the code. Display the
user_codeand instruct the user to visit theverification_urlon their computer or mobile device. - Poll for authorization. Poll the /oauth/device/token method to see if the user successfully authorizes your app. Use the
device_codeand poll at theinterval(in seconds) to check if the user has authorized your app. Check the docs below for the specific error codes you need to handle. Useexpires_into stop polling after that many seconds, and gracefully instruct the user to restart the process. It is important to poll at the correct interval and also stop polling when expired. - Successful authorization. When you receive a
200success response, save theaccess_tokenso your app can authenticate the user in methods that require it. Theaccess_tokenis valid for 7 days. Save and use therefresh_tokento get a newaccess_tokenwithout asking the user to re-authenticate. It's normal OAuth from this point.
User Flow
- Call to action. Consider your user experience when asking a user to connect their Trakt account. For some devices this will be right away, and for others it might be later in the experience.
- Display the code. When a user clicks the call to action, your app calls /oauth/device/code to generate new codes. In your UI, display the
user_codeand instruct the user to visit theverification_urlon their computer or mobile device. Theuser_codeis typically 8 characters, so make sure there is enough room to display the full code. - Authorizing your app. When the user visits the
verification_urlit first checks to make sure they're signed in. If not signed in, they'll be able to or can sign up for a new account. After entering the code, the user will be prompted to grant permission for your app. Once approved, the user will see a success message indicating their device is connected. - Confirm successful authorization. Your app will be polling to see if the user successfully authorizes your app. Once they have, refresh your UI to indicate a successful connection has been made.