Skip to content

Callbacks and tokens

TargetCallback pathProvider setup
AniList/api/auth/anilist/callbackRegister the full HTTPS URL in the AniList application.
MyAnimeList/api/auth/mal/callbackRegister the full HTTPS URL in the MAL API application.
TMDB/api/auth/tmdb/callbackTMDB account approval returns through this instance route; TMDB does not expose the same callback registration field as the OAuth providers.
SIMKL/api/auth/simkl/callbackRegister the full HTTPS URL in the SIMKL application.
Trakt/api/auth/trakt/callbackRegister the full HTTPS URL in the Trakt application.

Each Connect action is tied to one target. Several targets can therefore use the same provider without receiving each other’s tokens.

Access and refresh tokens are encrypted in SQLite. Brokerr refreshes them when supported; an expired, revoked, or unusable token requires reconnecting.

A provider may approve immediately when your browser already has a provider session and previously granted the application. This is normal and does not mean that Brokerr reused another target token.

Disconnect removes tokens for that target but preserves its settings and profile references.