Netflix Authentication Walk-Through

This page will walk you all the way through the Netflix authentication process. It ends with a demonstration that allows you to add, move, and delete movies from your Netflix queue, using your developer and Netflix subscriber credentials. There's nothing to install or manage on your end; everything happens on the page.

Before You Begin

If you have not already done so, please take a moment to register an application at http://developer.netflix.com. As you work your way through, please rest assured that no sensitive information--including your Netflix or Netflix Developer Network credentials--will ever be submitted to or collected by anything that isn't Netflix or the Netflix Developer Network. Everything that doesn't go through the API happens client-side via JavaScript, and all cookies will clear when you close your browser window.

1. Get your Request Token

To find your consumer key and shared secret, visit http://developer.netflix.com/apps/mykeys.

consumer_key :
consumer_secret :
Authorization URL :
Signed URL

2. Save your OAuth Token Secret

Because the OAuth token secret isn't used until after the subscriber signs in, you'll need to save it on your end. For the purposes of our our demo, we'll save it as a browser cookie.

oauth_token_secret : Please read carefully and be sure to copy from the equals-sign all the way to the next ampersand.

3. Sign In through Netflix

Next, you're going to send the subscriber to our login page to sign in, using your existing consumer_key, your application's name, and the oauth_token you received in the previous step. You're also going to tell us where to send him after he signs in, with the callback.

oauth_token: This and application_name both come from the reply to Step 1.
application_name: Some application names contain URL formatting such plus-signs. Paste it in exactly as given above in the reply to Step 1.
oauth_callback: If you're testing your own callback, feel free to change this.
consumer_key: This has not and never will change.
Netflix Login Page: Important: you're not signing this call, so consumer_secret and oauth_token_secret don't come into play. When you click the button below, you'll be sent to Netflix to sign in.
Signed URL

4. Get your Authorized OAuth Token and Authorized OAuth Token Secret

There's nothing to enter here that you don't already have on file, so you don't have to fill anything in. The callback does nothing except say to your page "Okay, looks like the subscriber has signed in; feel free to request an access token now." Don't dawdle here; if you get an expired token message back, you've taken too long and will need to start over.

consumer_key:
consumer_secret :
oauth_token:
oauth_token_secret :
Access Token URL :
Signed URL

5. Save the Authorized User Credentials

Save the user's encrypted ID, oauth_token, and oauth_token_secret, which will be good until he revokes your permission. (For the purposes of our demo, we're saving it in the browser state only.)

oauth_token: This is the authorized oauth_token from the last step. It's very long.
user_id : This will never change, and may be used as this user's primary key in your local database.
oauth_token_secret : As above, this is the authorized oauth_token_secret from the last step.

6. Make Authorized Calls

consumer_key:
consumer_secret :
oauth_token:
oauth_token_secret :
Run Query:
HTTP Method:
Signed URL

Things to Do and Notice

See all the link href values? Any of these can be plugged right back into the API Endpoint blank to make another call.
Once you start running endpoints that show individual movies, you'll start to see link href values that point into the catalog. These will also work fine.

7. Writing to the Netflix Database

Adding

Here we will use our new-found powers to add the Marx Brothers classic "A Night At The Opera" to your subscriber's available-DVD queue.

First, you'll need to read your subscriber's queue. Run the following query:
http://api.netflix.com/users/[user_id]/queues/disc/available
In the API return, find the queue's etag. To help keep everything in synch, the API needs to know the current etag for every add, change, or delete. For the walk-through to continue to work, you will need to change the value 123456789 in the examples to the etag value returned by the previous call.

Set the HTTP Method to POST.

Send the following request to add the movie to the end of your subscriber's queue:

http://api.netflix.com/users/[user_id]/queues/disc?title_ref=http://api.netflix.com/catalog/titles/movies/60029761&etag=123456789

If it worked, you'll get an HTTP 201 reply, with a success message. A bit further down you'll see the new movie's queue position, plus lots of interesting information about the movie.

Moving

Let's bump "A Night at the Opera" up to position #3:

You'll need the updated etag, which will be the first thing you see in the success message from the Add step, and the movie ID you just used. Here's your query:
```
http://api.netflix.com/users/[user_id]/queues/disc?title_ref=http://api.netflix.com/catalog/titles/movies/60029761&position=3&etag=123456789
```

Be sure your HTTP method is still set to POST.
If it worked, you'll get an HTTP 201 reply, with a Move successful message, and the position will show as 3.
You can also use this method to add a movie directly into a particular slot in a subscriber's queue. Caution: most subscribers do not use Netflix in this fashion, and will not like it if "Seed of Chuckie" shows up on on top of "Dark Knight" and causes them to miss their shipment.

Deleting

Assuming "A Night at the Opera" is still in your subscriber's queue, here's how to delete it:

Make the following query, with your HTTP method set to POST:

http://api.netflix.com/users/[user_id]/queues/disc/available/60029761?method=delete&etag=123456789

Again, be sure to set your HTTP Method to POST. Because Web browsers don't have access to the HTTP DELETE verb, we're going to use POST with a method override, method=delete. This won't be necessary for non-browser-based applications that have access to DELETE.
If it worked, you'll get an HTTP 200 reply, with a Title deleted from queue message.

That's it for our demonstration. Feel free to use this page to test signed-in calls whenever you like.

For further information, please consult the REST API Reference, and please let us know what you think on the Netflix API Forums. Thanks for playing!

Having Trouble?

If you seem to be getting all the way through step 3 and steps 4 or 5 are failing, please check that you actually signed in to your application:
http://www.netflix.com/ThirdPartyAccess
If you don't see your application name listed under Manage Your Site Connections, something failed in the sign-in step. Please check that you entered the correct application_name in step 3.