User Authentication
In order for users to have write access to the API, a valid session id is required. The benefit of this system is that we're never passing a user's username or password through the air or requiring a 3rd party app to store it locally. The process of creating this session id is split into a few steps.
Step 1: Generate a Request Token
Start by making an API call to the new token method. This will return a new request token that will be valid for 60 minutes. The request token is not authorized by the user at this stage. Request tokens are API account specific and are the tie between your application and the user in step 2.
Step 2: Request Authorization From the User
Once you have a valid request token, your application needs to open a web browser and send the user to TMDb. The HTTP response when generating a new token will include an Authentication-Callback header that you can easily use for the redirect.
If the user is not logged in to TMDb, they will be redirected to the login page before being asked to grant your application permission to use their account. Once the user has granted your application permission to use their account, the browser-based part of this process is over and you can return them to your application.
Just like the request for a new token, the approved response will include an Authentication-Callback header which, again, is a convenient way to redirect your application back to the API and generate the real session id.
Step 3: Generate a Session ID
Now that your user has authorized the request token, allowing your application to use their account, you need to generate a valid session id. You can do this by calling the new session method.
Once a session is created, it does not expire. Since the request token is consumed during the creation of a session id, if for any reason you need to repeat this process, just start back at step 1. Multiple authorizations per API key can exist.
Step 4: Make Authenticated API Calls
For methods that require write access, you now have a valid session id to allow your users to add or edit data. It's important to treat this session id securely. Remember, it's just like a username and password.
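The client-side checks this flow calls for, as an added example (not TMDb's own code): validate the Authentication-Callback header before opening a browser, track the 60-minute, single-use request token, and store the session id with owner-only permissions. The allowed host, the function and class names, and all sample values are assumptions made for illustration.

```python
import os
import time
from urllib.parse import urlsplit

TOKEN_TTL = 60 * 60  # request tokens are valid for 60 minutes (stated on this page)
ALLOWED_HOSTS = {"www.themoviedb.org"}  # assumption: the host users are sent to

def callback_url(headers, allowed_hosts=ALLOWED_HOSTS):
    """Return the Authentication-Callback URL only if it is HTTPS on an allowed host."""
    value = next((v for k, v in headers.items()
                  if k.lower() == "authentication-callback"), None)  # names are case-insensitive
    if value is None:
        raise ValueError("no Authentication-Callback header in response")
    parts = urlsplit(value.strip())
    if parts.scheme != "https" or parts.hostname not in allowed_hosts:
        raise ValueError("refusing to redirect to an unexpected URL")
    if parts.username or parts.password:
        raise ValueError("refusing URL with embedded credentials")
    return value.strip()

class RequestToken:
    """Tracks the lifetime and single use of a request token (steps 1 to 3)."""
    def __init__(self, value, issued_at=None):
        self.value = value
        self.issued_at = time.time() if issued_at is None else issued_at
        self.consumed = False

    def usable(self, now=None):
        now = time.time() if now is None else now
        return not self.consumed and now - self.issued_at < TOKEN_TTL

    def consume(self, now=None):
        # Called once, when exchanging the token for a session id.
        if not self.usable(now):
            raise RuntimeError("token expired or already used; start again at step 1")
        self.consumed = True
        return self.value

def store_session_id(path, session_id):
    """Write the session id readable by the owner only; it never expires."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(session_id)
    os.chmod(path, 0o600)  # tighten a pre-existing file with wider permissions
```
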