This is documentation for desktop based authentication. The process is slightly different for a web application. You must follow one of these two processes if you want to authenticate with Vimeo.

Note: This authentication method has been deprecated. Please see the OAuth authentication guide.

Get a Developer API Key

To use the Advanced API, need to register your application. You need to be logged in to register your application.

Request a Frob

You'll need to request a frob from Vimeo in order to get an authenticated token. The frob will identify the login session. You can get one by calling vimeo.auth.getFrob. Since this call needs to be signed, you'll need to generate a signature. Signatures are created by using your API secret and the other arguments listed in alphabetical order.

Assuming our API key is 12345 and our secret is 09876, our signature string would be:
09876api_key12345methodvimeo.auth.getFrob

Get the md5 of the signature string and that is the api_sig parameter:
901d0cf8661e695a4f224ef8fd6760d1

Our full argument list follows:

method
vimeo.auth.getFrob
api_key
12345
api_sig
901d0cf8661e695a4f224ef8fd6760d1

The response from this method looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<rsp stat="ok" generated_in="0.0010">
  <frob>6789</frob>
</rsp>

Create a login link

The first time a user uses your application, you'll need to send them to Vimeo so they can authenticate. You do this by creating a login link.

http://vimeo.com/services/auth/?api_key=api_key&perms=perms&frob=frob&api_sig=api_sig

api_key
should be replaced with your application's API key.
api_sig
is a signature of all the parameters sent to the call. Signatures are created by using your API secret and the other arguments listed in alphabetical order.
frob
is the frob from step 2.
perms
are the permissions that your app requires. Possible values are:

read
Permission to read private information.
write
Permission to add, edit, and delete video metadata (comments, tags, etc). Includes read.
delete
Permission to delete videos. Includes read and write.
Assuming our API key is 12345 and our secret is 09876, our signature string would be:
09876api_key12345frob6789permswrite

Get the md5 of the signature string and that is the api_sig parameter:
2bb384e2acb5c4c101108cce57174b05

Now we can build the full login URL:

http://vimeo.com/services/auth/v2/?api_key=12345&perms=write&frob=6789&api_sig=901d0cf8661e695a4f224ef8fd6760d1

Allow the user to click on an "Authorize" button which will open a browser with that URL. After you open that window, give them an option to "Continue" or "Confirm Authorization" once they've authorized via Vimeo

Get the token from the frob

Once they click your continue button, your application should take the frob and convert it to a token by calling vimeo.auth.getToken. You will need to create a signature like we did before and pass it to the method.

For this method, the signature string would be:
09876api_key12345frob6789methodvimeo.auth.getToken

The signature would be:
67406f8419b95b45c52ac7ac2ecc5cf5

After passing your API Key, the frob, and your signature to the method, you should get a response like this:

<?xml version="1.0" encoding="UTF-8"?>
<rsp stat="ok" generated_in="0.0021">
  <auth>
    <token>12345</token>
    <perms>write</perms>
    <user id="101193" username="brad" fullname="Brad Dougherty" />
  </auth>
</rsp>

Make an authenticated call

Using your token, you can make authenticated calls. A good test method is vimeo.test.login.

You don't need to pass anything special, just your API Key, method name, and auth token.

Our signature string would be:
09876api_key12345auth_token12345methodvimeo.test.login

The signature would be:
1eff519f7814888cac788950ee739aba

Which will return:

<?xml version="1.0" encoding="UTF-8"?>
<rsp stat="ok" generated_in="0.0021">
  <user id="101193">
    <username>brad</username>
  </user>
</rsp>