Υποστήριξη για το The Movie Database
Υποστήριξη → Υποστήριξη API
difference in using authorization header vs api_key query parameter.
Δημοσιεύτηκε από τον/την RacusthorSTAFFMOD στις 11 Φεβρουάριος 2025 στις 04:54 ΜΜ
When using the authorization header, a call to https://api.themoviedb.org/3/account works (falls back to default id?).
however, a call to https://api.themoviedb.org/3/account?api_key=*** (without authorization header) doesn't work.
Is this by design? any other differences in using the header instead of query parameter?
Απάντηση από τον/την Racusthor
στις 2 Μάρτιος 2025 στις 07:17 ΕΊΜΑΙ
does anyone know?
Απάντηση από τον/την Victor Franco
στις 2 Μάρτιος 2025 στις 12:30 ΜΜ
Yes, this is intentional. The MovieDB API has different authentication levels:
1. Using the
api_keyin the URLThe
api_keyworks for public requests, such as fetching movies or general information.It does not work for requests that require user authentication.
2. Using the Authorization Header (
Authorization: Bearer <token>)Required for authenticated requests, like retrieving user-specific data (e.g.,
/account).The API expects a user authentication token rather than just an API key.
3. Why does
/accountrequire authentication in the header?The
/accountendpoint returns user-specific data.An
api_keyalone is not enough because it does not identify a specific user.Instead, the API requires an OAuth 2.0 Access Token.
How to fix it?
The user must generate an OAuth 2.0 Access Token and include it in the request header:
This ensures the API knows which user account is making the request.