How to find out the victim's access token. Connecting and working with vk api

Developers quite often have to deal with applications and services that, in the process of interacting with the social network Vkontakte, require an access key - access_token.

In this tutorial, we'll look at two very similar methods to get it.

How will the process go

All that is required of us is to substitute the id of the application in the URL. It is also available to edit the sections to which we allow access through the created access_token.

In fact, we will generate a ready-made url, and substitute the id of two different applications. This will make the difference. After that, we will follow the prepared link and receive an access key.

Link to get the key

Here is the finished url address. Here we are primarily interested in the data after the = sign. In the example below, it says Application-ID . We, in turn, will substitute a specific number there.

https://oauth.vk.com/authorize?client_id=application-id&scope=notify,photos,friends,audio,video,notes,pages,docs,status,questions,offers,wall,groups,messages,notifications,stats, ads,offline&redirect_uri=https://api.vk.com/blank.html&display=page&response_type=token

Also note the data after the word "scope". Here we list the sections to which the key will open access. In order to prevent applications from accessing the section with our friends, remove the text "friends" from the link. The rest is by analogy.

Now it remains only to get the ID.

We get an ID through our own application

To create it, we need to go to the appropriate section available in the developer account. Follow the link there.

https://vk.com/apps?act=manage

And push the button "Create Application".

Specify the name and type of the application (see ). Then click on the button "Connect App".

Since recently, all operations in the developer account must be confirmed via SMS. In the window that opens, select the item "Confirm via SMS". Get a code for your mobile phone, then enter it into the form.

The application will be created. Now go to the "Settings" tab. Here in the block, the set of numbers we need will be indicated. Copy it.

Now we have everything we need.

We use the ID of the official Vkontakte application

The second way to get an ID is just to take finished application. And best of all - official app Vkontakte for Android. His ID is "2890984". You can use.

Get Access_token

https://oauth.vk.com/authorize?client_id=2890984&scope=notify,photos,friends,audio,video,notes,pages,docs,status,questions,offers,wall,groups,messages,notifications,stats,ads, offline&redirect_uri=https://api.vk.com/blank.html&display=page&response_type=token

The browser will open a page with a notice that you should not provide the access key to third parties. And in the address bar of the browser - the generated key. It is between the "access_token=" and "&expires_in" values. Copy it.

Conclusion

The key can be updated by repeating the described steps. Refrain from distributing it to third parties, as well as from obtaining a key using unreliable applications and services. The considered method is the safest.

What is a VK token? Nowadays, technology is developing at a very fast pace. At the same time, social networks are gaining huge momentum. Not having an account in at least one of the social networks is already impossible for every person, according to at least among young people and girls. Every day they are replenished with terabytes of photos, videos and even a primitive unit of knowledge of the text.

What is a VK token

But unfortunately, few people know about the special "chips" of this resource. Someone really spends little time there, for someone they simply do not represent a need.
One of these notables is the so-called "token" in this social network, few users know what a VK token is.

What is an access token in VKontakte.

VK token is a long string consisting of characters: numbers and letters of the Latin alphabet. It would seem that there is nothing special about it, but it gives great opportunities to the user who activated it.

For example, write certain messages certain person, display the eternal online of your page, as if you are always sitting on the site. The latter option gives a big plus, because recently the invisibility in the contact was removed and with the help of a token no one will be able to understand exactly when you were online, because it is displayed all the time. Set status, write on the wall, etc.

How to get a VKontakte token.

The process of obtaining a token is carried out through the application. You need to create it yourself, this can be done by following the link vk.com/apps?act=manage and clicking the create button. Enter whatever you want in the title. Select the first type. Next, we go through confirmation using a mobile phone.

The page of your application comes out, select "Settings" and there will be a long set of asterisks and an id on top of it.

https://oauth.vk.com/authorize?client_id=5563738&scope=notify,photos,friends,audio,video,notes,pages,docs,status,questions,offers,wall,groups,messages,notifications,stats,ads, offline&redirect_uri=http://api.vk.com/blank.html&display=page&response_type=token

How to find out your token in a contact.

After completing all of the above, a window will pop up for you, where you agree with everything and click the "Allow" button.

It seems difficult, but in fact everyone can get a token in VK, another question is why? 99% of VK users, his knowledge is absolutely not necessary. We also hasten to warn you not to give and do not enter your token on dubious resources, otherwise your page may be in the hands of an attacker. For example, you can be subscribed to various groups or communities without your knowledge, put you in questionable status or publish a message on your behalf on your wall

Social networks have become an essential tool for website promotion. To promote the site through the social. network should create a group or page of this site. Gain subscribers, post news on the wall and much more (this is a topic for a separate note). Many of these processes can be automated using the API (Application Programming Interface) of the corresponding social network. In this note, I will analyze how to connect to vk api (vkontakte), how to start working with vk api, and also give some examples of working with api vkontakte.

Creating a VKontakte application

And so let's get started. Vk api has many methods, but one of their main differences is that in order to make requests to VK api through some methods, a special access key is required - a token (access_token). You can get it by creating your application. We are offered several types of applications, but I choose the Standalone type. I have enough of it. To start creating an application, follow the link and get into the next window.

Here we select the type and name of our application. We press connect the application and we receive an SMS with a code to the phone number linked to the VK account from which we create the application. Enter it and go to the next window. In this window, go to the settings tab.

In the settings tab, we see fields with the name of the application ID and the security key. We write down this data somewhere. I didn't do anything else in the tabs. The application state is left in the disabled position. Click save settings. That's it, we have created a VKontakte application.

Getting a token (access_token) api VK

https://oauth.vk.com/authorize?client_id= &display= [window view]&redirect_uri=https://oauth.vk.com/blank.html&scope= [application rights]&response_type=token&v=5.52

• client_id - ID of our application received earlier.
• display - type of window in which authorization will take place. Can be page, popup, touch and wap
• scope - access rights of our application regarding user data. More on rights below.

The rights of the VK application relative to a given user can be set in text and digital form. In text it will look like scope=friends,messages,groups . With this line of code, we have allowed the vk application to access the user's friends, messages, and groups. The same rights are set in digital form. For each rule there is a bitmask and the sum of these masks and will allow the application certain actions. For example, the right friends(+2), messages(+4096), groups(+262144), as a result, the sum of bit masks will be 266242 and the scope=266242 code will be analogous to scope=friends,messages,groups . I want to pay special attention to the offline right. Setting this right makes the token we receive infinite. If this right is not set via certain time the token will need to be obtained again. You can read more about the rights of the VK application here. As a result, let's compose an address for receiving a token for an application with access rights to friends, messages and user groups, as well as with an immortal token. Let the application id be 123456. Given address will look like this:

https://oauth.vk.com/authorize?client_id=123456&display=page&redirect_uri=https://oauth.vk.com/blank.html& scope=friends,messages,groups,offline&response_type=token&v=5.52

We confirm the action and get to the page with a warning, we take our received token from the address bar of the browser. It will be after #access_token= , the expires_in=0 code tells us that the token (access_token) api vk is immortal. Accordingly, user_id= is the id of the user for whom we received the token.

Let's go to the account settings in the application settings tab and see our application.

Now we have everything ready to work with the VKontakte api.

Examples of working with api vk

To work with api VK, I use the language php programming. Therefore, I will give examples in php. In order to perform any action, we need to send a request to api vk. We can also send a request via address bar browser. That is, a request is a specific url address with certain parameters specified in it. The syntax for compiling such a URL is described below.

Https://api.vkontakte.ru/ method/[CALLED METHOD]?[CALLED METHOD PARAMETERS]

The list of api vk methods is here. We will not focus on this more for now, then everything will become clear with real examples. It remains only to figure out how to send a request to the VKontakte api php. For this we will use php function file_get_contents , as well as the json_decode function, since we will receive the response from the server in json format. Here is a template for executing a request to VK in php.

$result=json_decode(file_get_contents("https://api.vkontakte.ru/ method/[CALLED METHOD]?[CALLED METHOD PARAMETERS]"));

well, now a few examples of working with api vk

$useid=12345; $mytoken=56789; /*returns an object with the user's gender and birthday*/ $request_params = array("user_id" => $userid, "fields" => "sex", "fields" => "bdate"); $get_params = http_build_query($request_params); $result = json_decode(file_get_contents("https://api.vk.com/method/users.get?". $get_params)); /*checking if the user is banned from VK*/ $request_params = array("user_id" => $user_id, "fields" => "deactivated"); $get_params = http_build_query($request_params); $result = json_decode(file_get_contents("https://api.vk.com/method/users.get?". $get_params)); if(isset($result->response->deactivated))( echo "Page frozen or deleted"; ) /*send message to user with user_id=222222*/ $mesage="Hi, how are you?"; //encode string $msg=urlencode($mesage); $result = json_decode(file_get_contents("https://api.vkontakte.ru/method/ messages.send?user_id=222222& message=".$msg."&access_token=".$mytoken)); /* invite the user with user_id=222222 as a friend*/ $mesage="Let's be friends"; $msg=urlencode($mesage); $result=json_decode(file_get_contents("https://api.vkontakte.ru/ method/friends.adduser_id=222222& text=".$msg."&access_token=".$mytoken));

The api has a lot of methods, so I advise you to read the documentation. Of course queries don't always run correctly and return error codes. Errors can be viewed here. So just like that, you can simply connect to api vk and automate your actions in contact.

More and more often appear on the market software products for VKontakte in the form of online services, mobile or computer applications and even scripts that require account authorization via access_token. In some cases, these programs or services themselves make it possible to obtain the access key required for authorization in a couple of clicks. But what if you downloaded the script, but you don't have the access_token key for it to work?

How to get access_token?

The way to get a token is to follow a special link containing the ID of some VKontakte application, of the form:

Quote

200?"200px":""+(this.scrollHeight+5)+"px");">https://oauth.vk.com/authorize?client_id= APP_ID&scope=notify,photos,friends,audio,video,notes,pages,docs,status,questions,offers,wall,groups,messages,notifications,stats,ads,offline&redirect_uri=http://api.vk.com/blank. html&display=page&response_type=token

• Getting a token through your own application.

  This method of obtaining a token implies that you have your own application. In this case, skip a couple of steps. We will start from the fact that you do not have your own application, which means you need to create it. To do this, go to the page for managing your applications using the link vk.com/apps?act=manage and click on the button " Create Application».

  

  
  Enter a name for the future application, for example, " Getting an access_token', make sure the checkbox ' Standalone application” and click on the button “ Connect application».

  

  
  Next, you will need to approve the application by receiving a confirmation code on your phone and entering it in a special field. Also, during the application approval process, you can link your mobile device to your VKontakte account. To do this, click on the button " Link device". Otherwise, just click on the link " Confirm via SMS» without linking the device to the page.

  

  
  After confirmation, you will see a page with information about the created application. In the menu on the left, click on " Settings". There is your so-called client_id, that is, the ID of your VKontakte application.

  

  
  This ID needs to be copied and pasted into our link instead APP_ID. It should look something like this:

  200?"200px":""+(this.scrollHeight+5)+"px");">https://oauth.vk.com/authorize?client_id=5563738&scope=notify,photos,friends,audio,video, notes,pages,docs,status,questions,offers,wall,groups,messages,notifications,stats,ads,offline&redirect_uri=http://api.vk.com/blank.html&display=page&response_type=token

  
  5563738 is the ID of our application. You will have a similar number.
• Getting a token through the official VKontakte application.

  This method is absolutely identical to the previous one, except that you do not create your own application, but use an already created, official VKontakte application that you can trust.

  As an example, we will take the VKontakte application for Android. Its ID is as follows: 2890984 . As a result, substituting it into the link, it will take the following form:

  200?"200px":""+(this.scrollHeight+5)+"px");">https://oauth.vk.com/authorize?client_id=2890984&scope=notify,photos,friends,audio,video, notes,pages,docs,status,questions,offers,wall,groups,messages,notifications,stats,ads,offline&redirect_uri=http://api.vk.com/blank.html&display=page&response_type=token

• Provide the received access_token to third parties.
• Pass authorization through dubious applications (in addition to your own or official).

• After using the generated access_token, delete it. If necessary, you can always generate a new one.
• complete everything active sessions in the security settings of your VKontakte account. it fast way disable all active access keys (access_token).