Soporte de The Movie Database
Soporte → Soporte de API
API key / Read Access Token keeps changing?
publicado por hcabalicSTAFFMOD el 8 de julio de 2024 a las 15:55
Since last night I've been experiencing an issue with my API key/read access token. After a few requests are sent, even as little as 1 or 2, I suddenly receive a 401 error message:
{
"status_code": 7,
"status_message": "Invalid API key: You must be granted a valid key.",
"success": false
}
When using the read access token I notice that it is different from the just recently working instance, the API key generally stays the same... so for now i'm just gonna stick to the api_key in the request uri.
At the least i'm pretty sure I'm misunderstanding the options implementation (using Bearer ) and I'd just like some clarity of how that works in general, and likely i'm doing something wrong.
Contestado por Travis Bell
el 9 de julio de 2024 a las 18:18
Hi @hcabalic,
Assuming you're not re-generating your API key (which changes your key), it doesn't matter if the read token changes as the value that matters is your
api_key, which will be the same value encoded in all of your tokens. The reason it's changing on every page load is because there's some time data encoded in it which will change as time goes on. Your API key is encoded and stays constant throughout every token.Contestado por hcabalic
el 9 de julio de 2024 a las 18:53
Ah, okay this is making a little more sense. So if I was keeping that read access token stored in a .env file in my application, the moment that token changes, my current implementation is invalid.
so the way i read this guide: https://developer.themoviedb.org/docs/authentication-application#bearer-token is that you have the option to choose your auth method,which i think is still correct - but i think i just don't fully understand how Bearer token works - it seems like i'd need to make a separate request to get a fresh token, then include it in my outgoing request for movie data? I totally can google this but it'll still be helpful if u can give me some clarity
Contestado por hcabalic
el 10 de julio de 2024 a las 13:02
Hi travis, learning a lil more about this - curious if there is a 'refresh' token that I use to preemptively get a new Bearer token before it expires?
Contestado por Travis Bell
el 10 de julio de 2024 a las 13:09
Hi @hcabalic,
I think you're confusing something. Access tokens (and your API key) never expire.
Contestado por hcabalic
el 10 de julio de 2024 a las 13:14
Ok, if I use the Bearer token method to authenticate, and it changes because of the encoded time data, how do i ensure that my bearer token is up to date when I send a request from my application?
Contestado por Travis Bell
el 10 de julio de 2024 a las 13:21
You don't need to worry about that, grab a token and use it forever.
Contestado por hcabalic
el 10 de julio de 2024 a las 13:41
Hmm, okay so check this out,
yesterday, i had regenerated a new API key, thinking that would solve my problem. So I used that method to make my requests, and it had worked up until now.
Just a few mins ago I was testing out some of the endpoints here and swapped the auth method in the upper right to use Access Token Auth instead of my API key. That worked, but when I switched back to API key, my api key is no longer valid. I think this should explain the problem I'm running into? If i change auth methods from API key to Bearer token, i should be fine if I stick with that, but if i want to go back to api key, that key is no longer valid because my account is authenticated using the Bearer token.. am I understanding correctly?
Contestado por Travis Bell
el 10 de julio de 2024 a las 13:48
If you re-generated your API key, you will have to grab a fresh copy of either the API key (if you're using param based authentication) or the access token (if you're using Bearer authentication).
Assuming you don't re-generate your API key again, neither of these values will need to be pulled again. You can use either one for your authentication.
Now, with regards to the API documentation, that's a wholly different thing. There's no way to force your session in Readme to use a new key but I think, if you click this link:
https://www.themoviedb.org/login?to=read_me&redirect_uri=/docs
It will refresh your Readme session. If not, log out of Readme, and then click that link again.
Contestado por hcabalic
el 10 de julio de 2024 a las 13:59
Yeah when i regenerated it that's what I used for the param based auth.
Is my understanding of the auth method correct (see prev msg), that i can't flip flop btwn the methods? I was only flip flopping to decide which method to use.
Contestado por Travis Bell
el 10 de julio de 2024 a las 14:03
You can flip flop all you want, but your Readme session won't automatically update after you re-generate a key. So after you did re-generate your key, Readme would have been left out of sync.
Contestado por hcabalic
el 10 de julio de 2024 a las 14:05
Tho, it does seem that my API key can be used as the Bearer token in the API reference, which just further adds to my confusion.
I appreciate your time helping me understand this; I'll stop fiddling around with my auth method
Contestado por hcabalic
el 10 de julio de 2024 a las 14:19
So the best thing would be to regen my key, log out, log back in, and then flip flop all i want
Contestado por Travis Bell
el 10 de julio de 2024 a las 14:25
Contestado por hcabalic
el 10 de julio de 2024 a las 14:58
Thanks for your patience with me!
Contestado por hcabalic
el 10 de julio de 2024 a las 15:33
Oh ok, so just one more note - i think this is also another point of confusion:
In the API Reference when you swap back n forth btwn auth methods in the right column to try sending requests, when you switch from Access Token to API Key, it uses the API key as the Bearer token - when really that entire code block should get replaced with a curl using the api_key as a param.