The Movie Database 支持
支持 → API 支持
API key / Read Access Token keeps changing?
hcabalicSTAFFMOD 发布于 2024 年 07 月 08 日 3:55下午
Since last night I've been experiencing an issue with my API key/read access token. After a few requests are sent, even as little as 1 or 2, I suddenly receive a 401 error message:
{
"status_code": 7,
"status_message": "Invalid API key: You must be granted a valid key.",
"success": false
}
When using the read access token I notice that it is different from the just recently working instance, the API key generally stays the same... so for now i'm just gonna stick to the api_key in the request uri.
At the least i'm pretty sure I'm misunderstanding the options implementation (using Bearer ) and I'd just like some clarity of how that works in general, and likely i'm doing something wrong.
Travis Bell 的回复
于 2024 年 07 月 09 日 6:18下午
Hi @hcabalic,
Assuming you're not re-generating your API key (which changes your key), it doesn't matter if the read token changes as the value that matters is your
api_key, which will be the same value encoded in all of your tokens. The reason it's changing on every page load is because there's some time data encoded in it which will change as time goes on. Your API key is encoded and stays constant throughout every token.hcabalic 的回复
于 2024 年 07 月 09 日 6:53下午
Ah, okay this is making a little more sense. So if I was keeping that read access token stored in a .env file in my application, the moment that token changes, my current implementation is invalid.
so the way i read this guide: https://developer.themoviedb.org/docs/authentication-application#bearer-token is that you have the option to choose your auth method,which i think is still correct - but i think i just don't fully understand how Bearer token works - it seems like i'd need to make a separate request to get a fresh token, then include it in my outgoing request for movie data? I totally can google this but it'll still be helpful if u can give me some clarity
hcabalic 的回复
于 2024 年 07 月 10 日 1:02下午
Hi travis, learning a lil more about this - curious if there is a 'refresh' token that I use to preemptively get a new Bearer token before it expires?
Travis Bell 的回复
于 2024 年 07 月 10 日 1:09下午
Hi @hcabalic,
I think you're confusing something. Access tokens (and your API key) never expire.
hcabalic 的回复
于 2024 年 07 月 10 日 1:14下午
Ok, if I use the Bearer token method to authenticate, and it changes because of the encoded time data, how do i ensure that my bearer token is up to date when I send a request from my application?
Travis Bell 的回复
于 2024 年 07 月 10 日 1:21下午
You don't need to worry about that, grab a token and use it forever.
hcabalic 的回复
于 2024 年 07 月 10 日 1:41下午
Hmm, okay so check this out,
yesterday, i had regenerated a new API key, thinking that would solve my problem. So I used that method to make my requests, and it had worked up until now.
Just a few mins ago I was testing out some of the endpoints here and swapped the auth method in the upper right to use Access Token Auth instead of my API key. That worked, but when I switched back to API key, my api key is no longer valid. I think this should explain the problem I'm running into? If i change auth methods from API key to Bearer token, i should be fine if I stick with that, but if i want to go back to api key, that key is no longer valid because my account is authenticated using the Bearer token.. am I understanding correctly?
Travis Bell 的回复
于 2024 年 07 月 10 日 1:48下午
If you re-generated your API key, you will have to grab a fresh copy of either the API key (if you're using param based authentication) or the access token (if you're using Bearer authentication).
Assuming you don't re-generate your API key again, neither of these values will need to be pulled again. You can use either one for your authentication.
Now, with regards to the API documentation, that's a wholly different thing. There's no way to force your session in Readme to use a new key but I think, if you click this link:
https://www.themoviedb.org/login?to=read_me&redirect_uri=/docs
It will refresh your Readme session. If not, log out of Readme, and then click that link again.
hcabalic 的回复
于 2024 年 07 月 10 日 1:59下午
Yeah when i regenerated it that's what I used for the param based auth.
Is my understanding of the auth method correct (see prev msg), that i can't flip flop btwn the methods? I was only flip flopping to decide which method to use.
Travis Bell 的回复
于 2024 年 07 月 10 日 2:03下午
You can flip flop all you want, but your Readme session won't automatically update after you re-generate a key. So after you did re-generate your key, Readme would have been left out of sync.
hcabalic 的回复
于 2024 年 07 月 10 日 2:05下午
Tho, it does seem that my API key can be used as the Bearer token in the API reference, which just further adds to my confusion.
I appreciate your time helping me understand this; I'll stop fiddling around with my auth method
hcabalic 的回复
于 2024 年 07 月 10 日 2:19下午
So the best thing would be to regen my key, log out, log back in, and then flip flop all i want
Travis Bell 的回复
于 2024 年 07 月 10 日 2:25下午
hcabalic 的回复
于 2024 年 07 月 10 日 2:58下午
Thanks for your patience with me!
hcabalic 的回复
于 2024 年 07 月 10 日 3:33下午
Oh ok, so just one more note - i think this is also another point of confusion:
In the API Reference when you swap back n forth btwn auth methods in the right column to try sending requests, when you switch from Access Token to API Key, it uses the API key as the Bearer token - when really that entire code block should get replaced with a curl using the api_key as a param.