Authentication
Token-Based
Once you have been issued an API key, you can use the following code to authorize requests:
curl "api_endpoint_here" \
-H "Authorization: Token token=API_KEY"
Filmmakers expects the API key to be included in all API requests to the server in a header that looks like the following:
Authorization: Token token=API_KEY
You must replace API_KEY
with your personal API key.
OAuth
The Filmmakers API supports the OAuth flow with refresh tokens.
Setting Up OAuth Access
Once you have been issued an API key with OAuth Authorization enabled, you can use the following configuration from your client code:
Filmmakers OpenID Configuration
See the example below on how to fetch the OAuth Access Token with curl.
export CLIENT_ID="your-client-id-goes-here"
export CLIENT_SECRET="your-client-secret-goes-here"
curl -s -X POST "https://www.filmmakers.eu/oauth/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
--data-urlencode "grant_type=client_credentials" \
--data-urlencode "client_id=$CLIENT_ID" \
--data-urlencode "client_secret=$CLIENT_SECRET" \
--data-urlencode "scope=public"
{"access_token":"Uvm37RVcZano399REpMXh837fDT-jtSc0lTvmEexpKI","token_type":"Bearer","expires_in":7200,"scope":"public","created_at":1730119409}
You must replace CLIENT_ID
and CLIENT_SECRET
with your credentials.
Using OAuth Access Tokens
Filmmakers expects the OAuth Access Token to be included in all API requests to the server in a header that looks like the following:
Authorization: Bearer ACCESS_TOKEN
OAuth access tokens expire after a set period (currently 120 minutes, though this may change in the future) and must be refreshed. Your client software is responsible for automating the OAuth flow. You can always retrieve the expiry time of an access token from the introspection endpoint listed in the Filmmakers OpenID Configuration.
curl -I https://www.filmmakers.eu/api/v1/actor_profiles -H "Authorization: Bearer $ACCESS_TOKEN" -H "Accept: application/json"
HTTP/1.1 200 OK
You must replace ACCESS_TOKEN
with a non-expired OAuth Access Token.
Introspecting Tokens
Token information can be retrieved from the introspection_endpoint
(see Filmmakers OpenID Configuration).
curl -X POST https://www.filmmakers.eu/oauth/introspect \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "token=ACCESS_TOKEN" \
-u "CLIENT_ID:CLIENT_SECRET"
You must replace CLIENT_ID
and CLIENT_SECRET
with your credentials and ACCESS_TOKEN
with your OAuth Access Token.