@Raghavan_Rave said:

I use my first API key with my token to access my list and modify it. How do I create a second API key so I can use it for public project. I dont if its ok to use my first API key for public projects as my users may try to read/write my private tmdb data (private list)? idk. what should I do?

I hope I understood your situation and so i will proceed to explain what you can do.

You can use your API Key or Access Token to make request to the server, if you want more people to make request with the same API key make them sign in with their account and use their account id and session id to make the request that would make changes to the account in question, be it yours or John Doe's.

You can achieve this by using the authentication process in the api which is very detailed and takes you from beginning to end. You can find it here (https://developer.themoviedb.org/reference/authentication-how-do-i-generate-a-session-id)

Do not use your api key or access token as variables or values but as enviroment variables which are hidden from the code and also excluded from git by adding the .env file to .gitignore.

Once you have done this, your app or web will be agnostic as to whom is using it until you log in.

Good luck.

Thx of the explanation. Im creating a extension that injects a button to TMDB movie page which on click with take you to the IMDb page of that movie. So i don't want users to login compulsory. In this case can i use my Api key for the extension as i don't want some geeky guy to read/delete my lists and other private data? ofcourse not gonna put that as a variable in my code. Also i don't have a server, and idt this small extension need a server.

@Raghavan_Rave said:

Thx of the explanation. Im creating a extension that injects a button to TMDB movie page which on click with take you to the IMDb page of that movie. So i don't want users to login compulsory. In this case can i use my Api key for the extension as i don't want some geeky guy to read/delete my lists and other private data? ofcourse not gonna put that as a variable in my code. Thx

I see. Being that the case, why would you need another api key? It doesn't matter if you have one or 2 you will arrive to the same spot. As long as you keep the keys hidden you don't need much to get the imdb ID of a movie.

Keep in mind there is no relationship between your api key and your account information i.e, you need your account id to get your lists, you need session ID for ratings and so on. In order for someone to get your account information they would need a validated token with your credentials.

Simply put, your api key alone is not enough to get your lists. The api key and access token are authorization keys required for the server to provide the info you want, and that info includes your account and lists.

Why then not share your api key with others? Because you would be responsible for the api calls made with that key as it is associated with your account therefore, your responsibility.

So go ahead and make your extention and don't use your account because you don't need it to get the imdb id nor the rest of the information pertaining to the movie.

Thank you so much for clearing my doubts. I won't use my auth token but will use my API key as a secret.

Have a great day!

@Raghavan_Rave said:

Thank you so much for clearing my doubts. I won't use my auth token but will use my API key as a secret.

Have a great day!

Happy coding!