Hi @hcabalic,

Assuming you're not re-generating your API key (which changes your key), it doesn't matter if the read token changes as the value that matters is your api_key, which will be the same value encoded in all of your tokens. The reason it's changing on every page load is because there's some time data encoded in it which will change as time goes on. Your API key is encoded and stays constant throughout every token.

Ah, okay this is making a little more sense. So if I was keeping that read access token stored in a .env file in my application, the moment that token changes, my current implementation is invalid.

so the way i read this guide: https://developer.themoviedb.org/docs/authentication-application#bearer-token is that you have the option to choose your auth method,which i think is still correct - but i think i just don't fully understand how Bearer token works - it seems like i'd need to make a separate request to get a fresh token, then include it in my outgoing request for movie data? I totally can google this but it'll still be helpful if u can give me some clarity

Hi travis, learning a lil more about this - curious if there is a 'refresh' token that I use to preemptively get a new Bearer token before it expires?

Hi @hcabalic,

I think you're confusing something. Access tokens (and your API key) never expire.

Ok, if I use the Bearer token method to authenticate, and it changes because of the encoded time data, how do i ensure that my bearer token is up to date when I send a request from my application?

You don't need to worry about that, grab a token and use it forever.

Hmm, okay so check this out,

yesterday, i had regenerated a new API key, thinking that would solve my problem. So I used that method to make my requests, and it had worked up until now.

Just a few mins ago I was testing out some of the endpoints here and swapped the auth method in the upper right to use Access Token Auth instead of my API key. That worked, but when I switched back to API key, my api key is no longer valid. I think this should explain the problem I'm running into? If i change auth methods from API key to Bearer token, i should be fine if I stick with that, but if i want to go back to api key, that key is no longer valid because my account is authenticated using the Bearer token.. am I understanding correctly?

If you re-generated your API key, you will have to grab a fresh copy of either the API key (if you're using param based authentication) or the access token (if you're using Bearer authentication).

Assuming you don't re-generate your API key again, neither of these values will need to be pulled again. You can use either one for your authentication.

Now, with regards to the API documentation, that's a wholly different thing. There's no way to force your session in Readme to use a new key but I think, if you click this link:

https://www.themoviedb.org/login?to=read_me&redirect_uri=/docs

It will refresh your Readme session. If not, log out of Readme, and then click that link again.

Yeah when i regenerated it that's what I used for the param based auth.

Is my understanding of the auth method correct (see prev msg), that i can't flip flop btwn the methods? I was only flip flopping to decide which method to use.

You can flip flop all you want, but your Readme session won't automatically update after you re-generate a key. So after you did re-generate your key, Readme would have been left out of sync.

Tho, it does seem that my API key can be used as the Bearer token in the API reference, which just further adds to my confusion.

I appreciate your time helping me understand this; I'll stop fiddling around with my auth method

So the best thing would be to regen my key, log out, log back in, and then flip flop all i want

@hcabalic said:

So the best thing would be to regen my key, log out of Readme, log back in, and then flip flop all i want

Correct.

Thanks for your patience with me!

Oh ok, so just one more note - i think this is also another point of confusion:

In the API Reference when you swap back n forth btwn auth methods in the right column to try sending requests, when you switch from Access Token to API Key, it uses the API key as the Bearer token - when really that entire code block should get replaced with a curl using the api_key as a param.