Read messenger user's profile

Request permission

The Mixin Messenger uses a slightly modified OAuth 2 protocol to manage user authentication and permissions. The first step is to request an authorization code by redirecting your user to visit the URL below.

CLIENT_ID is the UUID of your app in the Mixin Developers dashboard; it is not the number that looks like 7000xxxx. Three scopes are supported for now.

  • PROFILE:READ - the user's public profile, including the Mixin ID, name and profile photo.

  • PHONE:READ - the phone number of the Mixin user.

  • ASSETS:READ - the full asset list, balances and transaction history.

The PKCE code_challenge is optional. It is only required if you are building a client app and don't want to expose your client secret. The only supported PKCE method is S256.

The user is then guided to scan the QR code on the authorization page. Once they approve your request, they are redirected to the redirect URI you registered in the Mixin Developers dashboard.

Request Access Token to access user's profile

Once you have the authorization code, you are ready to request an access token.

{
  "client_id": "CLIENT_ID",
  "code": "authorization code from step above",
  "client_secret": "optional client secret",
  "code_verifier": "optional PKCE code verifier"
}

You must choose between the client_secret and code_verifier parameters. If you are calling the API from your own server, where the secret stays private, it's recommended to use client_secret. If you are calling the API from a client app, it's not safe to expose your client_secret there, so use the code_verifier together with the code_challenge from the step above.
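The S256 relationship between code_verifier and code_challenge, and the choice between client_secret and code_verifier, as an added example that is not Mixin's own code. It follows RFC 7636; the helper names are hypothetical, and CLIENT_ID and AUTHORIZATION_CODE are placeholders.

```python
import base64
import hashlib
import hmac
import secrets


def b64url(data: bytes) -> str:
    # RFC 7636 uses base64url without '=' padding.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_code_verifier() -> str:
    # 32 random bytes -> 43 characters, the minimum length RFC 7636 allows.
    return b64url(secrets.token_bytes(32))


def s256_challenge(code_verifier: str) -> str:
    # S256: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
    return b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def verifier_matches(code_verifier: str, code_challenge: str) -> bool:
    # The comparison an authorization server makes at the token step (RFC 7636, 4.6).
    return hmac.compare_digest(s256_challenge(code_verifier), code_challenge)


def token_request_body(client_id, code, client_secret=None, code_verifier=None):
    # The page says to choose between client_secret and code_verifier:
    # reject a request that carries both or neither.
    if (client_secret is None) == (code_verifier is None):
        raise ValueError("pass exactly one of client_secret or code_verifier")
    body = {"client_id": client_id, "code": code}
    if client_secret is not None:
        body["client_secret"] = client_secret   # server-side apps only
    else:
        body["code_verifier"] = code_verifier   # client apps using PKCE
    return body


if __name__ == "__main__":
    verifier = new_code_verifier()        # stays in the client until the token step
    challenge = s256_challenge(verifier)  # sent as code_challenge when requesting the code
    print("code_challenge:", challenge)
    # Placeholder values, not real credentials.
    print(token_request_body("CLIENT_ID", "AUTHORIZATION_CODE", code_verifier=verifier))
```

Generate a fresh code_verifier for every authorization attempt and never send it in the authorization redirect; only the challenge travels there.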

If everything is correct, you will get a JSON response that includes the access_token and the scopes the user has granted to your app. The granted scopes may be fewer than the ones you requested.

Access user's profile

GET -H "Authorization: Bearer ACCESS_TOKEN"
{
  "data": {
    "type": "user",
    "user_id": "773e5e77-4107-45c2-b648-8fc722ed77f5",
    "name": "Team Mixin",
    "identity_number": "7000"
  }
}