Nevertheless, as far as I know, MyAnimeList was and still is the largest anime information database website, which also happens to be infamous to the developers for its unstable APIs. This document intends to create an up-to-date specification for the private (open-beta) APIs that MyAnimeList is using in its official mobile apps.What is MyAnimeList authorization server?
MyAnimeList authenticates the user. The user authorizes the client on MyAnimeList. MyAnimeList authorization server redirects back to YOUR_REDIRECT_URI. The authorization code returned from the initial request. Normally, this value is nearly 1,000 bytes long.How do I authenticate clients to MyAnimeList?
MyAnimeList supports two schemes to authenticate clients. The form of access token request varies depending on which scheme you use. MyAnimeList supports the HTTP Basic authentication scheme as defined in RFC2617 to authenticate with the authorization server.How to integrate MyAnimeList with Mal’s PKCe?
First you need to register your application in MAL’s system and get a client_id and a client secret. Please register from this form. MyAnimeList supports PKCE to prevent authorization code interception attacks, mainly native apps. In accordance with the procedures in Section 4.1 and Section 4.2, generate code_verifier and code_challenge.