Web Based API Authentication

This is documentation for web based authentication. The process is slightly different for a desktop application.

1. Get a Developer API Key

To use the Advanced API, your application needs a Developer API Key. You can get one on your Developer API Key management page.

Make sure you fill out the Callback URL field. (We'll get to that in step 3)

2. Create a login link

The first time a user uses your application, you'll need to send them to Vimeo so they can authenticate. You do this by creating a login link.

http://vimeo.com/services/auth/?api_key=[api_key]&perms=[perms]&api_sig=[api_sig]

[api_key] should be replaced with your application's API key.

[perms] are the permissions that your app requires. Possible values are:

read
write
delete

Permission to read private information.
Permission to add, edit, and delete video metadata (comments, tags, etc). Includes read.
Permission to delete videos. Includes read and write.

[api_sig] is a signature of all the parameters sent to the call. Signatures are created by using your API secret and the other arguments listed in alphabetical order.

Assuming our API key is 12345 and our secret is 6789, our signature string would be:
6789api_key12345permswrite

Get the md5 of the signature string and that is the api_sig parameter:
db83adce00f7d41600e4ee600d8d67c2

3. Create a callback page

Once the user gives permission to your application, Vimeo will forward them back to your callback page. (the Callback URL associated with the API Key)

The url will have a parameter called "frob" appended to it. So if your callback url is:
http://localhost/auth.php

the user would be redirected to:
http://localhost/auth.php?&frob=0a2b00f

Your application should take the frob and convert it to a token by calling vimeo.auth.getToken. You will need to create a signature like we did before and pass it to the method.

For this method, the signature string would be:
6789api_key12345frob0a2b00fmethodvimeo.auth.getToken

The signature would be:
e3f74c8b8939fd080a45a59b068379a8

After passing your API Key, the frob, and your signature to the method, you should get a response like this:

<?xml version="1.0" encoding="UTF-8"?>
<rsp stat="ok" generated_in="0.0021">
  <auth>
    <token>12345</token>
    <perms>write</perms>
    <user id="101193" username="brad" fullname="Brad Dougherty" />
  </auth>
</rsp>

The token is what you'll need to send along to any authenticated call. It's good until the user revoke's permission via their Vimeo settings.

4. Make an authenticated call

Using your token, you can make authenticated calls. A good test method is vimeo.test.login.

You don't need to pass anything special, just your API Key, method name, and auth token.

Our signature string would be:
6789api_key12345auth_token12345methodvimeo.test.login

The signature would be:
7f8c9d783624277f0325934b0483b4f1

Which will return:

<?xml version="1.0" encoding="UTF-8"?>
<rsp stat="ok" generated_in="0.0021">
  <user id="101193">
    <username>brad</username>
  </user>
</rsp>

Now that you have a token, you can go play in the API Sandbox.

Vimeo API

API Home
Simple API Documentation
oEmbed Documentation
Moogaloop Documentation
Advanced API Documentation
- Web-based authentication ←
- Desktop-based authentication
- Signing API calls
- Response formats
- Upload API
- Full method list
- Sandbox
Manage your Developer API Keys
API Forum

Vimeo developer highlights

Vimeo: About / Blog / Roadmap / Developers / Community Guidelines / Forums / Toys / Help! / Site Map / Get Vimeo Plus

Don't want to see ads?
Get Vimeo