mixi Developer Center (mDC)

mixi Apps


User Permission

What characterizes a mixi app is its social functions, which draw on the user's profile information and friends' information.
You can also build social applications with advanced features by taking advantage of the various content stored on mixi.

These are available through the mixi Graph API and the User Flow API of the JavaScript API.
You need to obtain user permission in order to use these APIs.

The procedure for user permission

Use the User Permission API (the mixi.auth() function) to obtain user permission in a mixi app.
Before you can use the JavaScript API, you need to complete the steps in "Preparing to use the JavaScript API".

Execute the mixi.auth() function as shown below.

mixi.auth({
    scope: "mixi_apps2 r_profile r_voice w_voice",
    state: "5c1b3eea390b53f54ad0975e9a4bbba2"
});

The specified parameters are listed below.

| Parameter | Value |
| --- | --- |
| scope | Space-separated string listing the scopes for which you want to obtain permission. |
| state | Parameter given back when redirecting to the redirect URI. If the application has a session, use this parameter to make sure the session is maintained. |

For the available scopes, refer to the API documentation for the mixi Graph API.

If the session is not maintained with the state parameter, the application may have a CSRF vulnerability. To prevent this, include a hash value of the session ID in the state parameter. Then, when the user is redirected to the redirect URI, verify that the state parameter and the session still match. For more details, refer to the following URL.
http://tools.ietf.org/html/rfc6749#section-10.12

When the mixi.auth() function is executed, the dialog for obtaining user permission for the mixi Graph API is displayed.
When the user grants or declines permission, the src of the iframe that displays the mixi app is changed, and the user is sent to the redirect URI that was set at registration.

When the user grants permission, the redirect looks like this.

http://example.com/callback?code=347ab1db9398d60b5ef3515e672d1e&state=5c1b3eea390b53f54ad0975e9a4bbba2

| Parameter | Summary |
| --- | --- |
| code | Authorization Code |
| state | The state value specified in the mixi.auth() function |

You can use this authorization code to obtain the access token needed to access the mixi Graph API. For how to obtain the access token, refer to "Obtaining refresh token and access token" in the mixi Graph API documentation.
The issued authorization code expires after 3 minutes.

If permission is not granted, for example because the user declined, the redirect looks like this.

http://example.com/callback?error=access_denied&state=5c1b3eea390b53f54ad0975e9a4bbba2

| Parameter | Summary |
| --- | --- |
| error | The detail of the error |
| state | The state value specified when calling the dialog |
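
The state check recommended above, applied to both redirect forms, as an added example that is not part of the original mixi documentation. It assumes a Node.js redirect URI handler; SECRET, the session IDs and the function names are constructed for illustration, and HMAC-SHA256 is an assumed choice for the "hash value of the session ID".

```javascript
// Added example: bind the `state` value to the server-side session and check it
// in the redirect URI handler. All names and sample values here are constructed.
const crypto = require("node:crypto");

const SECRET = "constructed-server-side-secret"; // assumption: known only to the server

// Value to pass as `state` to mixi.auth() for this session (keyed hash of the session ID).
function makeState(sessionId) {
  return crypto.createHmac("sha256", SECRET).update(sessionId).digest("hex");
}

// Constant-time comparison; a length mismatch is simply a failure.
function sameState(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Validate a request to the redirect URI against the current session.
// Returns { ok: true, code } or { ok: false, reason }.
function checkCallback(callbackUrl, sessionId) {
  const q = new URL(callbackUrl).searchParams;
  const state = q.get("state");
  // Check state before anything else: on failure, neither code nor error is trusted.
  if (!sessionId || !state || !sameState(state, makeState(sessionId))) {
    return { ok: false, reason: "state_mismatch" };
  }
  if (q.has("error")) {
    return { ok: false, reason: q.get("error") }; // e.g. access_denied
  }
  const code = q.get("code");
  if (!code) return { ok: false, reason: "missing_code" };
  return { ok: true, code }; // exchange promptly: the code expires after 3 minutes
}

// Constructed sample run
const sid = "constructed-session-id-1";
const state = makeState(sid);
const base = "http://example.com/callback";
const sampleCode = "347ab1db9398d60b5ef3515e672d1e";
console.log(checkCallback(`${base}?code=${sampleCode}&state=${state}`, sid));
console.log(checkCallback(`${base}?code=${sampleCode}&state=${state}`, "other-session"));
console.log(checkCallback(`${base}?error=access_denied&state=${state}`, sid));
```
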

User permission when the dialog is not displayed

When the following scopes are permitted, the mixi.auth() function issues the authorization code without displaying the user permission dialog.

  • mixi_apps2
  • r_profile
  • r_profile_blood_type
  • r_profile_birthday
  • r_profile_gender

When a scope other than those listed above is specified, the dialog is displayed as usual.