The Streamlabs API uses OAuth 2 for authentication. OAuth 2 can be a little tricky to get started with, and to make it easier we suggest you use an existing SDK. Once you have authenticated a user, include an authorization parameter or header containing a valid access_token in every request.

Token Expiration

To keep an API secure, it is good practice to expire tokens so that if they get into the wrong hands, minimal or no damage can be done.

access_tokens expire after 60 minutes (3600 seconds), which can be seen by the expires_in that comes back from a successful /token request.

refresh_tokens never expire, which means they should always be usable unless the user revokes permission or your refresh your tokens via the /token endpoint.

Refreshing Tokens

Before making an API request, you should first check if the token you are going to use has expired.

<?php

	//get the following from your database
	$access_token 	= 'A4F3D';
  $refresh_token 	= '1Z5G9';
	$expires_in			= 3600;
  $created_at			= 1438711601;

  $client = new GuzzleHttp\Client();

	//check if the access_token is expired
	if ($created_at + $expires_in < now()) {

    //the token is expired, get a new one
    $response = $client->post('https://streamlabs.com/api/v1.0/token', [
      'body' => [
        'grant_type'    => 'refresh_token',
        'client_id'     => 'YOUR_CLIENT_ID',
        'client_secret' => 'YOUR_CLIENT_SECRET',
        'redirect_uri'  => 'YOUR_CLIENT_REDIRECT_URI',
        'refresh_token' => $refresh_token
      ]
    ])->json();
    
    //save this new data to your database
    $access_token 	= $response['access_token'];
    $refresh_token 	= $response['$refresh_token'];
    $expires_in 		= $response['$expires_in'];
    $created_at 		= now();

  }

	//proceed to make your API call