FamilySearch Authentication

FamilySearch uses the OAuth 2 secure authentication protocol (OAuth) to allow apps to access FamilySearch data. Four authentication mechanisms or grant types are supported. Authentication is granted in the form of an access token.

For more information on OAuth 2 authentication, see the following references.

Content                                                             Location
OAuth overview                                                      http://oauth.net/
OAuth 2.0 specification                                             http://tools.ietf.org/html/rfc6749
Libraries for most languages to help implement the OAuth protocol   http://oauth.net/2/

Authorization_Code Authentication - for Web Apps

The authorization_code grant type allows Web apps to obtain an authorization code from the FamilySearch authorization page. Your app does not handle the username and password. Your app uses the returned authorization code to obtain an access token. For information on the FamilySearch APIs, see the Authorization resource and the Access Token resource.

The process of obtaining an access token is detailed for a web-based application in the following graphic and procedure.

  1. Authorize: Call the Authorization API resource.

    The user is directed to the FamilySearch login page to provide login credentials (username and password) and to accept the FamilySearch terms of access.

    An authorization code is sent back to the application.

  2. Authenticate: Call the Access Token API resource with authorization_code grant type and use the authorization code as a parameter.

    An access token is returned to the app. This access token is then used as a parameter for all subsequent FamilySearch API resource requests.
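The two steps above, sketched from the app's side as an added example (not FamilySearch code). The endpoint URL, client ID and redirect URI are placeholders, the parameter names are the ones RFC 6749 defines for this grant type, and the helper names are hypothetical. It also shows the state check a web app should make before exchanging the code.

```python
# Added example. AUTHORIZE_URL, CLIENT_ID and REDIRECT_URI are placeholders,
# not FamilySearch values; parameter names follow RFC 6749 sections 4.1.1-4.1.3.
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTHORIZE_URL = "https://auth.example.invalid/authorization"  # placeholder
CLIENT_ID = "YOUR-APP-KEY"                                    # placeholder
REDIRECT_URI = "https://app.example.invalid/oauth/callback"   # placeholder


def build_authorization_url(session):
    """Step 1: URL the browser is redirected to. Binds a random state to the session."""
    session["oauth_state"] = secrets.token_urlsafe(32)
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": session["oauth_state"],
    })
    return f"{AUTHORIZE_URL}?{query}"


def handle_callback(session, callback_url):
    """Validate the redirect, then return the form body for step 2.

    The caller POSTs the returned fields over HTTPS to the Access Token resource.
    """
    params = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: a replayed callback fails
    returned = params.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), returned.encode()):
        raise ValueError("state mismatch: response does not belong to this session")
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    if len(params.get("code", [])) != 1:
        raise ValueError("expected exactly one authorization code")
    return {
        "grant_type": "authorization_code",
        "code": params["code"][0],
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
    }
```

The session argument stands for whatever server-side, per-user session store the web app already has; a plain dict is enough to try the functions.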

Password Authentication - for Desktop and Mobile Apps

This method requires that your app obtain the username and password.

  1. Accept: Obtain the username, password, and acceptance of FamilySearch terms of access.
  2. DO NOT PROCEED if the user does not accept the terms of access. See the User Interface Suggestions in the Authenticate Desktop and Mobile App Users for FamilySearch Access topic.

  3. Authenticate: Call the Access Token API resource with password grant type and use the username and password as parameters.
  4. An access token is returned to the app. This access token is then used as a parameter for all subsequent FamilySearch API resource requests.

Unauthenticated Session

This authentication grant type offers limited access to FamilySearch data. There are a limited number of API resources that allow unauthenticated access. If you feel this is a desirable option for your app, please contact devsupport@familysearch.org.

Client Credentials

This authentication grant type involves customized establishment of OAuth 2 authentication. If your app requires special authentication beyond the scope of the authorization_code and the password grant type authentication, please contact devsupport@familysearch.org.