As outlined in the getting started guide, the basics to getting a user authenticated look like this:
- Create a new request token
- Get the user to authorize the request token
- Create a new session id with the athorized request token
- Part 1 and 3 should be fairly easy to understand but I'll walk through each step to make sure it's clear.
Step 1: Create a request token
The first step as a developer is to request a new token. This is a temporary token that is required to ask the user for permission to access their account. This token will auto expire after 60 minutes if it's not used.
Step 2: Ask the user for permission
With a request token in hand, forward your user to the following URL:
https://www.themoviedb.org/authenticate/{REQUEST_TOKEN}
You can also pass this URL a redirect_to parameter, ie:
https://www.themoviedb.org/authenticate/{REQUEST_TOKEN}?redirect_to=http://www.yourapp.com/approved
Once the user has approved your request token, they will either be redirected to the URL you specified in the redirect_to parameter or to the /authenticate/allow path on TMDB. If they aren't redirected to a custom URL, the page will also have a Authentication-Callback header. This header contains the API call for step #3. You can either manually generate it or simply use the one we return.
Step 3: Create a session ID
By calling the new session method with the request token that has been approved by the user in step 2, we will return a new session_id. This is the session that can now be used to write user data. You should treat this key like a password and keep it secret.
What about guest sessions?
A guest session can be used to rate movies without having a registered TMDB user account. For more information about how to create a guest session see here.