Authentication overview

API key types

Dailymotion provides two types of API keys depending on your integration scope and technical needs.

Both allow you to authenticate requests and generate access tokens, but they differ in how they are used, what data they can access, and where they should be implemented.

Public API key - You use this when your app interacts directly with public Dailymotion data or when users log in with their own account to perform actions: Your app acts “on behalf of a user”.

Private API key- You use this when your integration manages multiple channels or corporate assets, often without user interaction : Your app acts “on behalf of your organization”.

Key type	Usage	Tokens
Public API key	For client-side applications where the key may be visible. Accesses public data or acts on behalf of a user.	Generated with key + secret (+ optionally user credentials). Permissions depend on the user’s rights.
Private API key	For server-side integrations (keys kept hidden). Used for server-to-server or organization-wide actions. Your app acts on behalf of your organization. Uses partner.api.dailymotion.com endpoints	Generated with key + secret only. Permissions and scopes are predefined for the key (channels, actions).

Key type

Usage

Tokens

Public API key

For client-side applications where the key may be visible. Accesses public data or acts on behalf of a user.

Generated with key + secret (+ optionally user credentials).

Permissions depend on the user’s rights.

Private API key

For server-side integrations (keys kept hidden). Used for server-to-server or organization-wide actions. Your app acts on behalf of your organization.

Uses partner.api.dailymotion.com endpoints

Generated with key + secret only.

Permissions and scopes are predefined for the key (channels, actions).

Endpoint compatibility

Endpoint	Public API key	Private API key
https://api.dailymotion.com	✔	No - Public API key required
https://partner.api.dailymotion.com/	No - Private API key required	✔

Authentication methods

To access the protected resources of a Dailymotion account via the API, you can grant permission via an access token issued by our authorization server.

Depending on your scenario and technology, different authorization methods – called “grant types” – can be used to retrieve an access token.

The following grant types are available with the Platform API – note that they aren’t all compatible with private API keys:

Grant type	Public API key	Private API key
`client_credentials` Used for server-to-server communication or when the client acts on its own behalf: the client sends its API key and API secret directly to the token endpoint Uses partner.api.dailymotion.com endpoints	✘	✔
`password` Easy to implement, it should however only be used when there is a high degree of trust between the client application and the resource owner since the user’s credentials (username and password) are used to retrieve the access token	✔	✘
`authorization_code` Used by web applications that can securely store the client secret. It is a 2-step process where an authorization code is granted first, then exchanged for an access token	✔	✘

Grant type

Public API key

Private API key

client_credentials

Used for server-to-server communication or when the client acts on its own behalf: the client sends its API key and API secret directly to the token endpoint

Uses partner.api.dailymotion.com endpoints

✘

✔

password

Easy to implement, it should however only be used when there is a high degree of trust between the client application and the resource owner since the user’s credentials (username and password) are used to retrieve the access token

✔

✘

authorization_code

Used by web applications that can securely store the client secret. It is a 2-step process where an authorization code is granted first, then exchanged for an access token

✔

✘