The Movie Database 支持
支持 → API 支持
difference in using authorization header vs api_key query parameter.
RacusthorSTAFFMOD 发布于 2025 年 02 月 11 日 4:54下午
When using the authorization header, a call to https://api.themoviedb.org/3/account works (falls back to default id?).
however, a call to https://api.themoviedb.org/3/account?api_key=*** (without authorization header) doesn't work.
Is this by design? any other differences in using the header instead of query parameter?
Racusthor 的回复
于 2025 年 03 月 02 日 7:17上午
does anyone know?
Victor Franco 的回复
于 2025 年 03 月 02 日 12:30下午
Yes, this is intentional. The MovieDB API has different authentication levels:
1. Using the
api_keyin the URLThe
api_keyworks for public requests, such as fetching movies or general information.It does not work for requests that require user authentication.
2. Using the Authorization Header (
Authorization: Bearer <token>)Required for authenticated requests, like retrieving user-specific data (e.g.,
/account).The API expects a user authentication token rather than just an API key.
3. Why does
/accountrequire authentication in the header?The
/accountendpoint returns user-specific data.An
api_keyalone is not enough because it does not identify a specific user.Instead, the API requires an OAuth 2.0 Access Token.
How to fix it?
The user must generate an OAuth 2.0 Access Token and include it in the request header:
This ensures the API knows which user account is making the request.