Callbacks and tokens
| Target | Callback path | Provider setup |
|---|---|---|
| AniList | /api/auth/anilist/callback | Register the full HTTPS URL in the AniList application. |
| MyAnimeList | /api/auth/mal/callback | Register the full HTTPS URL in the MAL API application. |
| TMDB | /api/auth/tmdb/callback | TMDB account approval returns through this instance route; TMDB does not expose the same callback registration field as the OAuth providers. |
| SIMKL | /api/auth/simkl/callback | Register the full HTTPS URL in the SIMKL application. |
| Trakt | /api/auth/trakt/callback | Register the full HTTPS URL in the Trakt application. |
Each Connect action is tied to one target. Several targets can therefore use the same provider without receiving each other’s tokens.
Token lifecycle
Section titled “Token lifecycle”Access and refresh tokens are encrypted in SQLite. Brokerr refreshes them when supported; an expired, revoked, or unusable token requires reconnecting.
Browser behavior
Section titled “Browser behavior”A provider may approve immediately when your browser already has a provider session and previously granted the application. This is normal and does not mean that Brokerr reused another target token.
Disconnect
Section titled “Disconnect”Disconnect removes tokens for that target but preserves its settings and profile references.