I need to get a few things cleared up in regards to tokens and API access. I am working on a movie application as a side project that is meant to provide not only movie information but act as a kind of social hub for this kind of content to help build upon what the awesome folks here at TMDB offer. ATM I am not looking to get people logged in to do ratings and whatnot, so I am wondering about the rate limiting on the regular tokens. As it stands, just getting into the main menu of the app should fire off 7 requests that represent the home menu offerings of the various trending details as well as shows and theater movies, and it grows from there as soon as you start pulling information for individual movies/shows/people when you want to see specific information on each. While this is great as a single user, as the 40 requests a second is just not even something that is feasible . . . all it takes is 7 to 10 people using the app to start hitting the limits, and I would love to start spreading it around to my family to get feedback on their thoughts, which even that would cause rate limiting to happen per my calculations (making the assumption everyone opens and interacts quickly at the same time). So my question is this . . . does the session information as a guest act as an individual user that also has those request limits, or is it tied back to the original caller? Like, does each user having their own session have their own 40 requests a second limit, or is it still shared across all the sessions since my key would have generated it? And also, am I thinking about this wrong to begin with . . . are guest sessions strictly for rating and whatnot, or is it also to consume the API as a whole?
Reply by anatoledp
on May 28, 2025 at 10:42 AM
OK, so after reading a bit more like I should have done in the start, guest sessions are purely an account-related thing. The API key is indeed the sole access to consume the rest of the API not related to account management. So then the question still remains about the rate limiting per user. Is the rate limiting per user or just over the API key as a whole? I saw somewhere someone mention it's per IP address, so wanted to make sure I get this correct if I need to build out a backend first before continuing the main app, as I do plan on a rudimentary backend that can cache requests, as I want to keep something in sync with the trending scores each day to be able to have a general measurement to display, but not there yet.
Reply by anatoledp
on May 28, 2025 at 10:58 AM
Man, I am terrible at reading first before asking questions. OK, so rate limiting is per IP address and not token specific. There was another topic where it was mentioned to use the XFF header in order to pass the IP of the client to the server. It was never expanded upon if this was indeed supported, as admin was going to check but never gave a final confirmation on that. So . . . in using a backend, can I pass the XFF header and that should keep the backend from hitting limits on individual user requests that would be proxied through it (obviously request caching would also help with this) . . . or does the API not accept the header and only respond to the backend as a single entity and therefore have the limit to it instead of the proxied user?