difference in using authorization header vs api_key query parameter.

The Movie Database Support

posted by Racusthor
STAFFMOD
on February 11, 2025 at 4:54 PM

When using the authorization header, a call to https://api.themoviedb.org/3/account works (falls back to default id?).
however, a call to https://api.themoviedb.org/3/account?api_key=*** (without authorization header) doesn't work.

Is this by design? any other differences in using the header instead of query parameter?

2 replies (on page 1 of 1)

Reply by Victor Franco

STAFFMOD

on March 2, 2025 at 12:30 PM

Yes, this is intentional. The MovieDB API has different authentication levels:

1. Using the api_key in the URL
The api_key works for public requests, such as fetching movies or general information.
It does not work for requests that require user authentication.

2. Using the Authorization Header (Authorization: Bearer <token>)
Required for authenticated requests, like retrieving user-specific data (e.g., /account).
The API expects a user authentication token rather than just an API key.

3. Why does /account require authentication in the header?
The /account endpoint returns user-specific data.
An api_key alone is not enough because it does not identify a specific user.
Instead, the API requires an OAuth 2.0 Access Token.

How to fix it?

The user must generate an OAuth 2.0 Access Token and include it in the request header:

Authorization: Bearer <your_access_token>

This ensures the API knows which user account is making the request.

Users In This Discussion

Categories

The Movie Database Support