Skip to page content

Working with the Netflix API in PHP


I spent part of last week working on an entry for the Boxee/Twilio developer contest. A few days before the deadline, I decided it’d be really slick if I added Netflix into the mix, so I started digging through the documentation. I think Twilio’s simple API and awesome debugging tools spoiled me because figuring out Netflix’s API was a pain. A lot of this had to do with there not being a really good PHP library to take care of authorization and making signed calls to the API. I went with OAuthSimple and ran into a lot of “invalid signature” errors and other little gotchas along the way. Hopefully, this write-up and sample code will save you guys some time.

Before You Begin

In order to get started, you’ll need to sign up for a Netflix developer account and apply for an API key. (This is separate from your normal Netflix account.) After you’ve been approved (as far as I can tell, approval is instant), you’ll receive a “key” and a “shared secret.” From here on out, we’ll call them the “consumer key” and “consumer secret.”

Screenshot of the Netflix API key management page.

Write both of those down, because we’ll be using them often. You’ll also want to get yourself a copy of the OAuthSimple library.

Getting Authorized

Netflix uses OAuth, so you’ll need to have users authorize your application before you can work with their data. In order to do this, we’ll create a link that takes them to the authorization page.

If all goes well and the user authorizes the application, Netflix will call the page you specified in the link above and pass it the user’s OAuth token. You can then exchange that temporary token for a permanent OAuth token, OAuth token secret, and user ID. You’ll want to save this information in your database (or however you’re storing data) since you’ll be using it to make calls to the Netflix API.

Making Calls to the API

Now that the user has authorized your application, you’re ready to actually start working with the API [1]. The API is REST based, so it’s as simple as specifying a URL, passing in the proper parameters, and parsing the data returned.

For example, here’s how to get a list of the movies in the user’s Instant Watch queue:

Adding movies to a user’s queue is similar—just specify the URL ([netflix_user_id]/queues/instant/disc), pass in the proper parameters, and parse the data returned. Also, remember that when writing data, set cURL to POST the data (curl_setopt($curl, CURLOPT_POST, true) and curl_setopt($curl, CURLOPT_POSTFIELDS, [parameters to pass])) and set the action to POST in the OAuthSimple library ($oauth->setAction('POST')).

Check out Netflix’s documentation for other examples of common tasks.


  1. You can work with some parts of the Netflix API without being authorized by the user, but nothing too interesting—just searching the Netflix catalog for movies/TV shows.


  1. weston deboer on September 12, 2010

    hi there is problems with the Getting Authorized code.

    you have it like this:

    $signatures => Array(
    ‘consumer_key’ => $consumer_key,
    ‘shared_secret’ => $consumer_secret)

    and it should be:

    $signatures = Array(
    ‘consumer_key’ => $consumer_key,
    ‘shared_secret’ => $consumer_secret

    and the last line, you use echo = ‘

    it should just be echo ‘

  2. Rahim Sonawalla on September 12, 2010

    Whoops, thanks for pointing that out, Weston! The gist has been updated.

  3. Adam McIsaac on May 13, 2011

    Thanks so much for this breakdown!
    I was struggling to get the user’s token until I read your walk through. Got me past a troublesome hurtle!

  4. Rahim Sonawalla on May 16, 2011

    Thanks, Adam. Glad you found the guide useful!

  5. Don on July 28, 2011

    I’m trying to add titles to the queue and I’ve done what I think you explained about adding items to the queue and I keep getting the Invalid Signature error. I know the OAuth is working with Netflix because I’m also printing my current queue at the same time. Any ideas?

  6. john barker on July 29, 2011

    Mostly worked, with a couple tweaks:

    using ‘output’ => ‘json’ in the params, broke it.
    $params = array();

    in general:
    $signed = $oauth->sign(Array(
    path => $request_token_url,
    parameters => $params,
    signatures => $signatures

    better to put array keys as Strings instead of lowercase Defined variables (IE put the sucker in some quotes)

    $signed = $oauth->sign(Array(
    “path” => $request_token_url,
    “parameters” => $params,
    “signatures” => $signatures

    great work, thanks!

  7. David Register on July 30, 2011

    Hey Rahim,
    Great write up on how to conquer the Netflix API. The oauth was giving me some trouble til I read this article.

    I am storing the values into the database as you mentioned but how can I query the data. It seems that the tokens change with ever request from each user. Is that how it is supposed to work, the user has to verify every time they visit the app and request a new userId and oauth token? Or is there some constant value that I can store to query against to get the userId on next visit.

    Thanks in advance.

  8. Rahim Sonawalla on August 13, 2011

    @Don Could you try making the call in Netflix’s Authorization Walkthrough ( and let us know if that works? If it does, then we’ll need to take a look at your code to see what’s going wrong.

    @John Thanks for the finds. I’ve updated the code.

    @David It seems like you might be storing the temporary token rather than the permanent token. You should be getting back a more long-lived token which doesn’t need to be reauthenticated (mentioned at the bottom of the second code example). Could you check to ensure that you’re storing the proper token?

  9. Dan LaManna on October 23, 2011

    Hey Rahim,

    Wanted to thank you for this great guide, it’s unfortunate Netflixs’ API is lacking in code samples and this made it much simpler to understand getting it setup!

  10. Oskar on November 12, 2012

    I’m sorry but it really annoys me when people upload untested code riddled with mistakes… This does the opposite of help people, instead it just gives us even more headache from trying to figure out what you meant to do….. Only to fix everything and then in the end land with a nice

    “Invalid Signature”

    as with every other old pp-library that does not work…

    In your examples you set params to use JSON then you don’t interpret the result as JSON…..

    In the last code you do:
    $params = array(
    ‘oauthToken’ => $var,

    but in OAuthSimple.php (latest) they ask for “oauth_token” with underscore…

    I think I managed to correct all the errors in the code but the invalid signature is a lot harder to fix..

  11. Oskar on November 12, 2012

    After fixing all the error one can figure out easily… You should really look into naming the variables differently to better represent what they are for and not name different ones the same even if it’s not in the same code box..

    the last step the oauth_secret is the one you get from the step before, I made a variable for this since I’m only going to use my own account so I used $authedTokenSecret .. eg. ‘oauth_secret’ => $authedTokenSecret

    ‘oauth_token’ => $authedToken (notice the underscore)

    But thanks anyway because I finally got this peace of shit API to work!!!!

  12. Rahim Sonawalla on November 13, 2012

    Hi Oskar,

    Sorry about that, the intention wasn’t to put up code with errors. Part of the problem is that the code was two years old (I wrote the blog post back in 2010) and Netflix had updated its API URLs. I’ve updated the gist and tested the code.

    One thing I didn’t update was your note about oauthToken vs oauth_token. I didn’t see anywhere in the code where I use oauthToken instead of oauth_token.

    Anyway, I’m glad you got your code working! Hopefully, this post can still be helpful for other folks.

    – Rahim

Have your say