As outlined in the getting started guide, the basics to getting a user authenticated look like this:
- Create a new request token
- Get the user to authorize the request token
- Create a new session id with the athorized request token
- Part 1 and 3 should be fairly easy to understand but I'll walk through each step to make sure it's clear.
The first step as a developer is to request a new token. This is a temporary token that is required to ask the user for permission to access their account. This token will auto expire after 60 minutes if it's not used.
With a request token in hand, forward your user to the following URL:
You can also pass this URL a
redirect_to parameter, ie:
Once the user has approved your request token, they will either be redirected to the URL you specified in the
redirect_to parameter or to the
/authenticate/allow path on TMDB. If they aren't redirected to a custom URL, the page will also have a
Authentication-Callback header. This header contains the API call for step #3. You can either manually generate it or simply use the one we return.
By calling the new session method with the request token that has been approved by the user in step 2, we will return a new session_id. This is the session that can now be used to write user data. You should treat this key like a password and keep it secret.
A guest session can be used to rate movies without having a registered TMDB user account. For more information about how to create a guest session see here.