difference in using authorization header vs api_key query parameter.

תמיכת The Movie Database

Racusthor
STAFFMOD
בתאריך פברואר 11, 2025 בשעה 4:54אחרי חצות יום פורסם ע״י

When using the authorization header, a call to https://api.themoviedb.org/3/account works (falls back to default id?).
however, a call to https://api.themoviedb.org/3/account?api_key=*** (without authorization header) doesn't work.

Is this by design? any other differences in using the header instead of query parameter?

2 תגובות (בדף 1 מתוך 1)

תגובה מאת Racusthor

STAFFMOD

ב-מרץ 2, 2025 ב-7:17לפני חצות יום

does anyone know?

תגובה מאת Victor Franco

STAFFMOD

ב-מרץ 2, 2025 ב-12:30אחרי חצות יום

Yes, this is intentional. The MovieDB API has different authentication levels:

1. Using the api_key in the URL
The api_key works for public requests, such as fetching movies or general information.
It does not work for requests that require user authentication.

2. Using the Authorization Header (Authorization: Bearer <token>)
Required for authenticated requests, like retrieving user-specific data (e.g., /account).
The API expects a user authentication token rather than just an API key.

3. Why does /account require authentication in the header?
The /account endpoint returns user-specific data.
An api_key alone is not enough because it does not identify a specific user.
Instead, the API requires an OAuth 2.0 Access Token.

How to fix it?

The user must generate an OAuth 2.0 Access Token and include it in the request header:

Authorization: Bearer <your_access_token>

This ensures the API knows which user account is making the request.

משתמשים בדיון זה

קטגוריות

תמיכת The Movie Database