This is documentation for desktop based authentication. The process is slightly different for a web application.

1. Get a Developer API Key

To use the Advanced API, your application needs a Developer API Key. You can get one on your Developer API Key management page.

2. Request a Frob

You'll need to request a frob from Vimeo in order to get an authenticated token. The frob will identify the login session. You can get one by calling vimeo.auth.getFrob. Since this call needs to be signed, you'll need to generate a signature. Signatures are created by using your API secret and the other arguments listed in alphabetical order.

Assuming our API key is 12345 and our secret is 09876, our signature string would be:
09876api_key12345methodvimeo.auth.getFrob

Get the md5 of the signature string and that is the api_sig parameter:
901d0cf8661e695a4f224ef8fd6760d1

Our full argument list follows:

method
api_key
api_sig
vimeo.auth.getFrob
12345
901d0cf8661e695a4f224ef8fd6760d1

The response from this method looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<rsp stat="ok" generated_in="0.0010">
  <frob>6789</frob>
</rsp>

3. Create a login link

The first time a user uses your application, you'll need to send them to Vimeo so they can authenticate. You do this by creating a login link.

http://vimeo.com/services/auth/?api_key=[api_key]&perms=[perms]&frob=[frob]&api_sig=[api_sig]

[api_key] should be replaced with your application's API key.

[perms] are the permissions that your app requires. Possible values are:

read
write
delete
Permission to read private information.
Permission to add, edit, and delete video metadata (comments, tags, etc). Includes read.
Permission to delete videos. Includes read and write.

[frob] is the frob from step 2.

[api_sig] is a signature of all the parameters sent to the call. Signatures are created by using your API secret and the other arguments listed in alphabetical order.

Assuming our API key is 12345 and our secret is 09876, our signature string would be:
09876api_key12345frob6789permswrite

Get the md5 of the signature string and that is the api_sig parameter:
2bb384e2acb5c4c101108cce57174b05

Now we can build the full login URL:

http://vimeo.com/services/auth/?api_key=12345&perms=write&frob=6789&api_sig=901d0cf8661e695a4f224ef8fd6760d1

Allow the user to click on an "Authorize" button which will open a browser with that URL. After you open that window, give them an option to "Continue" or "Confirm Authorization" once they've authorized via Vimeo

3a. Get the token from the frob

Once they click your continue button, your application should take the frob and convert it to a token by calling vimeo.auth.getToken. You will need to create a signature like we did before and pass it to the method.

For this method, the signature string would be:
09876api_key12345frob6789methodvimeo.auth.getToken

The signature would be:
67406f8419b95b45c52ac7ac2ecc5cf5

After passing your API Key, the frob, and your signature to the method, you should get a response like this:

<?xml version="1.0" encoding="UTF-8"?>
<rsp stat="ok" generated_in="0.0021">
  <auth>
    <token>12345</token>
    <perms>write</perms>
    <user id="101193" username="brad" fullname="Brad Dougherty" />
  </auth>
</rsp>

4. Make an authenticated call

Using your token, you can make authenticated calls. A good test method is vimeo.test.login.

You don't need to pass anything special, just your API Key, method name, and auth token.

Our signature string would be:
09876api_key12345auth_token12345methodvimeo.test.login

The signature would be:
1eff519f7814888cac788950ee739aba

Which will return:

<?xml version="1.0" encoding="UTF-8"?>
<rsp stat="ok" generated_in="0.0021">
  <user id="101193">
    <username>brad</username>
  </user>
</rsp>

Now that you have a token, you can go play in the API Sandbox.

Don't want to see ads?
Get Vimeo plus