{"metadata":{"image":[],"title":"","description":""},"api":{"url":"","auth":"required","params":[],"results":{"codes":[]},"settings":""},"next":{"description":"","pages":[]},"title":"OAuth 2","type":"basic","slug":"oauth-2","excerpt":"","body":"The Streamlabs API uses OAuth 2 for authentication. OAuth 2 can be a little tricky to get started with, and to make it easier we suggest you [use an existing SDK](http://oauth.net/2/#client-libraries). Once you have authenticated a user, include an authorization parameter or header containing a valid **access_token** in every request. \n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"Token Expiration\"\n}\n[/block]\nTo keep an API secure, it is good practice to expire tokens so that if they get into the wrong hands, minimal or no damage can be done.\n\n`access_tokens` expire after 60 minutes (3600 seconds), which can be seen by the `expires_in` that comes back from a successful [/token](doc:token) request.\n\n`refresh_tokens` never expire, which means they should always be usable unless the user revokes permission or your refresh your tokens via the [/token](doc:token) endpoint.\n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"Refreshing Tokens\"\n}\n[/block]\nBefore making an API request, you should first check if the token you are going to use has expired.\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"<?php\\n\\n\\t//get the following from your database\\n\\t$access_token \\t= 'A4F3D';\\n  $refresh_token \\t= '1Z5G9';\\n\\t$expires_in\\t\\t\\t= 3600;\\n  $created_at\\t\\t\\t= 1438711601;\\n\\n  $client = new GuzzleHttp\\\\Client();\\n\\n\\t//check if the access_token is expired\\n\\tif ($created_at + $expires_in < now()) {\\n\\n    //the token is expired, get a new one\\n    $response = $client->post('https://streamlabs.com/api/v1.0/token', [\\n      'body' => [\\n        'grant_type'    => 'refresh_token',\\n        'client_id'     => 'YOUR_CLIENT_ID',\\n        'client_secret' => 'YOUR_CLIENT_SECRET',\\n        'redirect_uri'  => 'YOUR_CLIENT_REDIRECT_URI',\\n        'refresh_token' => $refresh_token\\n      ]\\n    ])->json();\\n    \\n    //save this new data to your database\\n    $access_token \\t= $response['access_token'];\\n    $refresh_token \\t= $response['$refresh_token'];\\n    $expires_in \\t\\t= $response['$expires_in'];\\n    $created_at \\t\\t= now();\\n\\n  }\\n\\n\\t//proceed to make your API call\\n\",\n      \"language\": \"php\"\n    }\n  ]\n}\n[/block]","updates":["560b0cdaafa0990d0097952e","5629ff5b24205f0d00ef4ddf","5699107f7465970d00650b47"],"order":1,"isReference":false,"hidden":false,"sync_unique":"","link_url":"","link_external":false,"_id":"55bad185d0736b3100bf1019","user":"55baca333f0767230008f4ff","__v":25,"createdAt":"2015-07-31T01:38:13.585Z","project":"55baca9cd0736b3100bf1008","category":{"sync":{"isSync":false,"url":""},"pages":["55baca9dd0736b3100bf100e","55baf4053f0767230008f52d","55bafa293f0767230008f536","55bafd35d0736b3100bf1052","55bb033f3f0767230008f544","55bee746ad601c2b00762bd8"],"title":"Documentation","slug":"documentation","order":0,"from_sync":false,"reference":false,"_id":"55baca9dd0736b3100bf100c","version":"55baca9cd0736b3100bf100b","project":"55baca9cd0736b3100bf1008","__v":6,"createdAt":"2015-07-31T01:08:45.128Z"},"version":{"version":"1.0","version_clean":"1.0.0","codename":"","is_stable":true,"is_beta":true,"is_hidden":false,"is_deprecated":false,"categories":["55baca9dd0736b3100bf100c","55bacba0d0736b3100bf1017","55bad8f33f0767230008f517","55baf3f01b0d66370078166e","55baf4151b0d66370078166f","55f1cca35fe76419007dc794","573e2d6e610a090e00ca2b97","58d97ce57718211b0028e6bc","599b510cb683b50031a35299","5a871c493948fd004697e677"],"_id":"55baca9cd0736b3100bf100b","createdAt":"2015-07-31T01:08:44.540Z","project":"55baca9cd0736b3100bf1008","__v":10,"releaseDate":"2015-07-31T01:08:44.540Z"},"githubsync":"","parentDoc":null}
The Streamlabs API uses OAuth 2 for authentication. OAuth 2 can be a little tricky to get started with, and to make it easier we suggest you [use an existing SDK](http://oauth.net/2/#client-libraries). Once you have authenticated a user, include an authorization parameter or header containing a valid **access_token** in every request. [block:api-header] { "type": "basic", "title": "Token Expiration" } [/block] To keep an API secure, it is good practice to expire tokens so that if they get into the wrong hands, minimal or no damage can be done. `access_tokens` expire after 60 minutes (3600 seconds), which can be seen by the `expires_in` that comes back from a successful [/token](doc:token) request. `refresh_tokens` never expire, which means they should always be usable unless the user revokes permission or your refresh your tokens via the [/token](doc:token) endpoint. [block:api-header] { "type": "basic", "title": "Refreshing Tokens" } [/block] Before making an API request, you should first check if the token you are going to use has expired. [block:code] { "codes": [ { "code": "<?php\n\n\t//get the following from your database\n\t$access_token \t= 'A4F3D';\n $refresh_token \t= '1Z5G9';\n\t$expires_in\t\t\t= 3600;\n $created_at\t\t\t= 1438711601;\n\n $client = new GuzzleHttp\\Client();\n\n\t//check if the access_token is expired\n\tif ($created_at + $expires_in < now()) {\n\n //the token is expired, get a new one\n $response = $client->post('https://streamlabs.com/api/v1.0/token', [\n 'body' => [\n 'grant_type' => 'refresh_token',\n 'client_id' => 'YOUR_CLIENT_ID',\n 'client_secret' => 'YOUR_CLIENT_SECRET',\n 'redirect_uri' => 'YOUR_CLIENT_REDIRECT_URI',\n 'refresh_token' => $refresh_token\n ]\n ])->json();\n \n //save this new data to your database\n $access_token \t= $response['access_token'];\n $refresh_token \t= $response['$refresh_token'];\n $expires_in \t\t= $response['$expires_in'];\n $created_at \t\t= now();\n\n }\n\n\t//proceed to make your API call\n", "language": "php" } ] } [/block]