Application level authentication would generally be considered the default way of authenticating yourself on the API.
You can authenticate with either your api_key, or by using your access_token as a bearer token.
The default method to authenticate is with your access_token. This token is expected to be sent along as an Authorization header.
A simple cURL example using this method looks like the following:
The API Key is the second authentication method. Although, it cannot be used for all endpoints.
Use the api_key over the access_token only when you really need to. For example, the Get account details endpoint uses an API Key.
A simple cURL example using the api_key looks like the following:
Example
Copy
curl --request GET \ --url 'https://api.themoviedb.org/3/movie/changes?api_key=79191836ddaa0da3df76a5ffef6f07ad6ab0c641'
You can authenticate TMDB users within your application to extend the TMDB experience within your application. This will let your users (who also have an account with us) do things like rate movies,
maintain their favourite and watch lists as well as do things like create and edit custom lists, all while staying in sync with their account on TMDB.User authentication is controlled with a session_id query parameter. Read this guide to see how to generate a session_id.After getting the session_id, use it as a query parameter in each endpoint as seen in the code below:
You should treat this key like a password and keep it secret.
Guest sessions are a second type of user authentication that allows your users to access the API without logging in. However, they have limited permissions as they can only rate a movie, TV show and TV episode.
Creating a guest session is as simple as calling the new guest session method.Just like a fully authorized user session, guest sessions should be kept private as they tie a session within your application to a single token.
