API & Webhooks

Chess Scanner can act as an OAuth 2.0 provider, so you can build your own app or ecosystem on top of it. With the user's permission, your app can read their chess databases and games, and get notified in real time when something changes.

You'll work with four pieces:

  1. OAuth App. Register an application to get a Client ID and Client Secret.
  2. Authorization. Send the user through the OAuth flow to get an access token on their behalf.
  3. API. Use that token to read databases and games as JSON or PGN.
  4. Webhooks. Receive a signed HTTP callback when a game is created, updated, or deleted.

The typical flow

  1. Create an OAuth App and pick the permissions it needs.
  2. Implement the Authorization flow to get an access token for a user.
  3. Call the API with Authorization: Bearer <token>.
  4. Add a Webhook if you'd rather not poll for changes.

Base URLs

PurposeBase URL (example)
OAuth provider (authorize, token)https://chessscanner.com
API (read databases & games)https://api.chessscanner.com

Permissions (scopes)

ScopeAllows reading
user.readThe user's basic profile (name, email, avatar)
databases.readThe user's databases
games.readGames, single games, PGN export and the changes feed
offline_accessIssues a refresh token for long-lived access

Your app only sees what the user granted it, and the API checks the scopes on every request.

Was this page helpful?