The Movie Database-ondersteuning
Ondersteuning → API-ondersteuning
API key / Read Access Token keeps changing?
geplaatst door hcabalicSTAFFMOD op 8 juli 2024 om 3:55 PM
Since last night I've been experiencing an issue with my API key/read access token. After a few requests are sent, even as little as 1 or 2, I suddenly receive a 401 error message:
{
"status_code": 7,
"status_message": "Invalid API key: You must be granted a valid key.",
"success": false
}
When using the read access token I notice that it is different from the just recently working instance, the API key generally stays the same... so for now i'm just gonna stick to the api_key in the request uri.
At the least i'm pretty sure I'm misunderstanding the options implementation (using Bearer ) and I'd just like some clarity of how that works in general, and likely i'm doing something wrong.
Reactie van Travis Bell
op 9 juli 2024 om 6:18 PM
Hi @hcabalic,
Assuming you're not re-generating your API key (which changes your key), it doesn't matter if the read token changes as the value that matters is your
api_key, which will be the same value encoded in all of your tokens. The reason it's changing on every page load is because there's some time data encoded in it which will change as time goes on. Your API key is encoded and stays constant throughout every token.Reactie van hcabalic
op 9 juli 2024 om 6:53 PM
Ah, okay this is making a little more sense. So if I was keeping that read access token stored in a .env file in my application, the moment that token changes, my current implementation is invalid.
so the way i read this guide: https://developer.themoviedb.org/docs/authentication-application#bearer-token is that you have the option to choose your auth method,which i think is still correct - but i think i just don't fully understand how Bearer token works - it seems like i'd need to make a separate request to get a fresh token, then include it in my outgoing request for movie data? I totally can google this but it'll still be helpful if u can give me some clarity
Reactie van hcabalic
op 10 juli 2024 om 1:02 PM
Hi travis, learning a lil more about this - curious if there is a 'refresh' token that I use to preemptively get a new Bearer token before it expires?
Reactie van Travis Bell
op 10 juli 2024 om 1:09 PM
Hi @hcabalic,
I think you're confusing something. Access tokens (and your API key) never expire.
Reactie van hcabalic
op 10 juli 2024 om 1:14 PM
Ok, if I use the Bearer token method to authenticate, and it changes because of the encoded time data, how do i ensure that my bearer token is up to date when I send a request from my application?
Reactie van Travis Bell
op 10 juli 2024 om 1:21 PM
You don't need to worry about that, grab a token and use it forever.
Reactie van hcabalic
op 10 juli 2024 om 1:41 PM
Hmm, okay so check this out,
yesterday, i had regenerated a new API key, thinking that would solve my problem. So I used that method to make my requests, and it had worked up until now.
Just a few mins ago I was testing out some of the endpoints here and swapped the auth method in the upper right to use Access Token Auth instead of my API key. That worked, but when I switched back to API key, my api key is no longer valid. I think this should explain the problem I'm running into? If i change auth methods from API key to Bearer token, i should be fine if I stick with that, but if i want to go back to api key, that key is no longer valid because my account is authenticated using the Bearer token.. am I understanding correctly?
Reactie van Travis Bell
op 10 juli 2024 om 1:48 PM
If you re-generated your API key, you will have to grab a fresh copy of either the API key (if you're using param based authentication) or the access token (if you're using Bearer authentication).
Assuming you don't re-generate your API key again, neither of these values will need to be pulled again. You can use either one for your authentication.
Now, with regards to the API documentation, that's a wholly different thing. There's no way to force your session in Readme to use a new key but I think, if you click this link:
https://www.themoviedb.org/login?to=read_me&redirect_uri=/docs
It will refresh your Readme session. If not, log out of Readme, and then click that link again.
Reactie van hcabalic
op 10 juli 2024 om 1:59 PM
Yeah when i regenerated it that's what I used for the param based auth.
Is my understanding of the auth method correct (see prev msg), that i can't flip flop btwn the methods? I was only flip flopping to decide which method to use.
Reactie van Travis Bell
op 10 juli 2024 om 2:03 PM
You can flip flop all you want, but your Readme session won't automatically update after you re-generate a key. So after you did re-generate your key, Readme would have been left out of sync.
Reactie van hcabalic
op 10 juli 2024 om 2:05 PM
Tho, it does seem that my API key can be used as the Bearer token in the API reference, which just further adds to my confusion.
I appreciate your time helping me understand this; I'll stop fiddling around with my auth method
Reactie van hcabalic
op 10 juli 2024 om 2:19 PM
So the best thing would be to regen my key, log out, log back in, and then flip flop all i want
Reactie van Travis Bell
op 10 juli 2024 om 2:25 PM
Reactie van hcabalic
op 10 juli 2024 om 2:58 PM
Thanks for your patience with me!
Reactie van hcabalic
op 10 juli 2024 om 3:33 PM
Oh ok, so just one more note - i think this is also another point of confusion:
In the API Reference when you swap back n forth btwn auth methods in the right column to try sending requests, when you switch from Access Token to API Key, it uses the API key as the Bearer token - when really that entire code block should get replaced with a curl using the api_key as a param.