Authorization
The OAuth2 Authorization Code Grant Flow with device-specific permissions.
A
The client application requests authorization to access the Miele 3rd Party API
| KEY | EXPLANATION | COMMENT |
|---|---|---|
| client_id | The unique client ID assigned to your application during registration. | |
| response_type | Specifies that your app expects an authorization code in return. | |
| redirect_uri | The URL your user will be redirected to after completing the authorization flow. | |
| state | A random string generated by your app to maintain request integrity and prevent CSRF attacks. You'll validate this value later. | optional |
| scope | Defines the permissions your app is requesting. Multiple scopes can be requested by separating them with %20 (URL-encoded space). | |

Available scopes include:
• mcs_thirdparty_read: Grants read access to appliance states, available actions, programs, and other appliance details.
• mcs_thirdparty_write: Allows triggering actions like powering on appliances or starting programs.
• mcs_thirdparty_media: Enables access to media generated by appliances (e.g., oven camera images).
• openid: Required for technical reasons (mandatory).
For a detailed mapping of scopes to endpoints, refer to the Swagger documentation.
B
The user authenticates using their username, password, and the Miele subsidiary associated with their account. As part of the OAuth2 authorization flow, the authorization server redirects the user to a dedicated consent page. On this page, the user explicitly grants your application permission to access the Miele Third-Party API. Additionally, the user can select which of their connected appliances your application is allowed to access. This means access is scoped per device, and your application may not receive access to all appliances in the user's account—only to those explicitly approved.
| KEY | EXPLANATION | COMMENT |
|---|---|---|
| | The e-mail address belonging to the Miele user account | |
| password | The corresponding password | |
| country | The Miele subsidiary the Miele user account belongs to | |
C
The authorization server redirects to the client application, passing the authorization code.
| KEY | EXPLANATION | COMMENT |
|---|---|---|
| code | The server returns the authorization code in the query string | |
| state | The server returns the same state value that you passed | optional |
D
The client application is requesting an access_token by using the authorization code.
| KEY | EXPLANATION | COMMENT |
|---|---|---|
| client_id | The client ID you received after the registration | |
| client_secret | The client secret you received after the registration | |
| code | The authorization code returned by the authorization server before to complete | |
| grant_type | The grant type for this flow is authorization_code | always authorization_code |
| redirect_uri | Must be identical to the redirect URI provided in the original link | |
E
The authorization server returns the access token. The token is issued as a signed JWT whose claims include the country of the customer and the serial numbers of the appliances to which access has been granted.
F
The client application has to use the access_token for all subsequent API calls
| KEY | EXPLANATION | COMMENT |
|---|---|---|
| access_token | The access token used for every single API call | |
G
The Resource Server returns the requested resources