Xiaomi Open API

1. Getting User’s Profile

request url: `https://open.account.xiaomi.com/user/profile`

request method: GET

request scope: 1

request params:

name	required	type	description
clientId	yes	long	allocated APP ID during app requests
token	yes	string	access token received by client, after the user gives access

response data:

SUCCESS

{
  "result": "ok",
  "description": "success",
  "data": {
            "miliaoNick": "xiaomi user nickname",
            "unionId": "xiaomi user uniquely identify within all of your APP scope",
            "miliaoIcon": "profile pic url (several resolutions)"
           },
  "code": 0
}

FAILED (oauth error code list)

{
   "result": "error",
   "description": "error description",
   "code": "error code"
}

2. Getting User’s OpenId

request url: `https://open.account.xiaomi.com/user/openidV2`

request method: GET

request scope: 3

request params:

name	required	type	description
clientId	yes	long	allocated APP ID during app requests
token	yes	string	access token received by client, after the user gives access

response data:

SUCCESS

{
  "result": "ok",
  "description": "success",
  "data": {
             "openid": "openid"
          },
  "code": 0
}

FAILED (oauth error code list)

{
   "result": "error",
   "description": "error description",
   "code": "error code"
}

3. Getting User’s Phone Number and Email Address

request url: `https://open.account.xiaomi.com/user/phoneAndEmail`

request method: GET

request scope: 4 and 6

request params:

name	required	type	description
clientId	yes	long	allocated APP ID during app requests
token	yes	string	access token received by client, after the user gives access

response data:

SUCCESS

{
  "result": "ok",
  "description": "success",
  "data": {
              "phone": "user’s phone number， returned empty in case of abscence",
              "email":  "user’s email address， returned empty in case of abscence"
          },
  "code": 0
}

FAILED (oauth error code list)

{
   "result": "error",
   "description": "error description",
   "code": "error code"
}

4. Get User’s MiChat Friend List

request url: `https://open.account.xiaomi.com/user/relation`

request method: GET

request scope: 2

request params:

name	required	type	description
clientId	yes	long	allocated APP ID during app requests
token	yes	string	access token received by client, after the user gives access

response data:

SUCCESS

{
  "result": "ok",
  "description": "success",
  "data": {
            "friends": "friend list"
          },
  "code": 0
}

FAILED (oauth error code list)

{
   "result": "error",
   "description": "error description",
   "code": "error code"
}

5. Verificate User’s Password

request url: `https://open.account.xiaomi.com/checkPassword`

request method: GET

request params:

name	required	type	description
clientId	yes	long	allocated APP ID during app requests
xmUserId	yes	long	user id, acquired through `user/profile`
callback	yes	string	full url which starts with http or https and is in the same domain as the redirect url, for notifying about password verification results get request type must be used

response data:

If the request was successful, the server will send a callback to the user’s browser and add xmResult， _xmNonce, _xmSign, code, xmUserId, etc.

name	type	description
xmResult	boolean	true: verification successful, false or no data: verification error
_xmNonce	string	composed of a random number and timestamp, format: random number:current minutes (from 00:00 January 1, 1970)
_xmSign	string	response to make sure it wasn’t altered
code	string	new authorization code which can be used by third party for replacing access token (in places with higher security standards access token can be used again to get user id)
xmUserId	long	actual account verified by Xiaomi (not always coming from a third party), may be maliciously tamper with

NOTE： Third parties must verify _xmSign which comes in callback, otherwise responsibility for any loss or damage will be borne by the respective third parties.

xiaomi-passport.github.io

xiaomi passport group blog

Xiaomi Open API

1. Getting User’s Profile

request url: `https://open.account.xiaomi.com/user/profile`

request method: GET

request scope: 1

request params:

response data:

2. Getting User’s OpenId

request url: `https://open.account.xiaomi.com/user/openidV2`

request method: GET

request scope: 3

request params:

response data:

3. Getting User’s Phone Number and Email Address

request url: `https://open.account.xiaomi.com/user/phoneAndEmail`

request method: GET

request scope: 4 and 6

request params:

response data:

4. Get User’s MiChat Friend List

request url: `https://open.account.xiaomi.com/user/relation`

request method: GET

request scope: 2

request params:

response data:

5. Verificate User’s Password

request url: `https://open.account.xiaomi.com/checkPassword`

request method: GET

request params:

response data:

xiaomi-passport.github.io

xiaomi passport group blog

Xiaomi Open API

1. Getting User’s Profile

request url: https://open.account.xiaomi.com/user/profile

request method: GET

request scope: 1

request params:

response data:

2. Getting User’s OpenId

request url: https://open.account.xiaomi.com/user/openidV2

request method: GET

request scope: 3

request params:

response data:

3. Getting User’s Phone Number and Email Address

request url: https://open.account.xiaomi.com/user/phoneAndEmail

request method: GET

request scope: 4 and 6

request params:

response data:

4. Get User’s MiChat Friend List

request url: https://open.account.xiaomi.com/user/relation

request method: GET

request scope: 2

request params:

response data:

5. Verificate User’s Password

request url: https://open.account.xiaomi.com/checkPassword

request method: GET

request params:

response data:

request url: `https://open.account.xiaomi.com/user/profile`

request url: `https://open.account.xiaomi.com/user/openidV2`

request url: `https://open.account.xiaomi.com/user/phoneAndEmail`

request url: `https://open.account.xiaomi.com/user/relation`

request url: `https://open.account.xiaomi.com/checkPassword`