Authentication
The All Media Downloader API authenticates requests through RapidAPI headers.
You must provide your x-rapidapi-key with each request.
Important: in production, never place the key in client-side code.
Always go through your server (proxy) to sign and relay requests.
Required headers
| Header | Value | Notes |
|---|---|---|
| x-rapidapi-key | your_key | Secret key provided by RapidAPI (Dashboard → Security). |
| x-rapidapi-host | all-media-downloader1.p.rapidapi.com | Must exactly match the API used. |
| Content-Type | application/x-www-form-urlencoded | The request body is encoded as key=value. |
```bash
curl --request POST \
  --url https://all-media-downloader1.p.rapidapi.com/all \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --header 'x-rapidapi-host: all-media-downloader1.p.rapidapi.com' \
  --header 'x-rapidapi-key: <YOUR_RAPIDAPI_KEY>' \
  --data-urlencode 'url=https://example.com/video'
```
Server-side proxy (recommended)
The client application sends the request to your server, which adds the RapidAPI key and relays the request to the API. This protects your secret and lets you apply rate limiting, logging, and CORS rules.
Node.js (Express)
```javascript
import express from "express";
import fetch from "node-fetch";

const app = express();
app.use(express.urlencoded({ extended: true }));

app.post("/proxy/all", async (req, res) => {
  const key = process.env.RAPIDAPI_KEY; // stored as environment variable
  const url = "https://all-media-downloader1.p.rapidapi.com/all";
  const body = new URLSearchParams({ url: req.body.url || "" });
  try {
    const r = await fetch(url, {
      method: "POST",
      headers: {
        "Content-Type": "application/x-www-form-urlencoded",
        "x-rapidapi-host": "all-media-downloader1.p.rapidapi.com",
        "x-rapidapi-key": key
      },
      body
    });
    const text = await r.text();
    // Relay the upstream status and body to the client
    res.status(r.status).type("application/json").send(text);
  } catch (err) {
    // Upstream unreachable: answer 502 instead of leaving the request hanging
    res.status(502).json({ error: "upstream request failed" });
  }
});

app.listen(process.env.PORT || 3000);
```
PHP
```php
<?php
// proxy.php
$key = getenv("RAPIDAPI_KEY");
$ch = curl_init("https://all-media-downloader1.p.rapidapi.com/all");
curl_setopt_array($ch, [
    CURLOPT_POST => true,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER => [
        "Content-Type: application/x-www-form-urlencoded",
        "x-rapidapi-host: all-media-downloader1.p.rapidapi.com",
        "x-rapidapi-key: " . $key
    ],
    CURLOPT_POSTFIELDS => http_build_query(["url" => $_POST["url"] ?? ""])
]);
$resp = curl_exec($ch);
$code = curl_getinfo($ch, CURLINFO_HTTP_CODE) ?: 500;
curl_close($ch);
http_response_code($code);
header("Content-Type: application/json; charset=utf-8");
echo $resp;
```
Python (Flask)
```python
import os

import requests
from flask import Flask, request, Response

app = Flask(__name__)


@app.post("/proxy/all")
def proxy_all():
    key = os.getenv("RAPIDAPI_KEY")  # stored as environment variable
    u = "https://all-media-downloader1.p.rapidapi.com/all"
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "x-rapidapi-host": "all-media-downloader1.p.rapidapi.com",
        "x-rapidapi-key": key,
    }
    r = requests.post(u, headers=headers, data={"url": request.form.get("url", "")}, timeout=60)
    # Relay the upstream status and body to the client
    return Response(r.content, status=r.status_code, content_type="application/json")


if __name__ == "__main__":
    app.run()
```
Secrets & environment management
Best practices
- Store the key in environment variables (e.g. RAPIDAPI_KEY).
- Never commit the key in Git: use an ignored .env.
- Restrict access via firewall / IP allowlist if possible.
- Set up periodic key rotation.
- Log server-side (without storing secrets in plain text).
Configuration examples
```
# .env (do not commit)
RAPIDAPI_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
PORT=3000
```
```bash
# Linux / macOS (session)
export RAPIDAPI_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
```
```powershell
# Windows PowerShell (session)
$Env:RAPIDAPI_KEY="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
```
Quotas, limits & retries
Depending on your RapidAPI plan, rate limits may apply. Implement:
- Exponential backoff (e.g. 250ms, 500ms, 1s, 2s…)
- A server-side queue under high traffic
- Short caching of repeated results
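```javascript
// Retries fetcher() with exponential backoff (250ms, 500ms, 1s, 2s by default).
// fetcher must throw or reject on failure for a retry to happen.
async function callWithRetry(fetcher, { retries = 4, base = 250 } = {}) {
  let err;
  for (let i = 0; i <= retries; i++) {
    try {
      return await fetcher();
    } catch (e) {
      err = e;
      if (i === retries) break; // do not wait after the final attempt
      await new Promise(r => setTimeout(r, base * Math.pow(2, i)));
    }
  }
  throw err;
}
```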
Common authentication errors
| HTTP | Probable cause | Action |
|---|---|---|
| 401 | Missing / invalid key | Check x-rapidapi-key, regenerate key |
| 403 | Access denied / incorrect host | Check x-rapidapi-host and plan permissions |
| 429 | Quota or rate limit exceeded | Implement retries + upgrade plan |
Security checklist (Auth)
Do
- Use server-side proxy for all requests.
- Store the key server-side only (env/secret manager).
- Regular rotation, server-side logging, monitoring.
- Restrictive CORS (allowed origins) on your proxy.
Avoid
- Placing the key in client-side JavaScript.
- Committing the key in Git.
- Sharing the key in unencrypted messaging.
- Exposing endpoints without rate limiting.
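The proxy-side items of this checklist (restrictive CORS, rate limiting, logging without secrets) shown as an added example; it is not code from the API's documentation. The function names, the allowed origin and the limits are assumptions, and it assumes the proxy serves only a browser front end, so requests without an allowed Origin are refused.

```javascript
// Added example: guard logic to run in the proxy route before relaying.
// Constructed sample values: the allowed origin and the default limits.
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]);
const SECRET_HEADERS = new Set(["x-rapidapi-key", "authorization", "cookie"]);

// CORS: exact-match allowlist. Never reflect the Origin header back blindly.
function corsHeadersFor(origin) {
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return null; // caller answers 403
  return { "Access-Control-Allow-Origin": origin, "Vary": "Origin" };
}

// Rate limiting: fixed window per client id (for example the client IP).
function createRateLimiter({ limit = 5, windowMs = 60_000 } = {}) {
  const hits = new Map(); // clientId -> { start, count }
  return function check(clientId, now = Date.now()) {
    const w = hits.get(clientId);
    if (!w || now - w.start >= windowMs) {
      hits.set(clientId, { start: now, count: 1 });
      return { allowed: true, retryAfterSec: 0 };
    }
    if (w.count < limit) {
      w.count += 1;
      return { allowed: true, retryAfterSec: 0 };
    }
    // Over the limit: report when the window resets (sent as Retry-After).
    const retryAfterSec = Math.ceil((w.start + windowMs - now) / 1000);
    return { allowed: false, retryAfterSec };
  };
}

// Logging: copy the headers and mask secret values before they reach a log.
function redactHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name] = SECRET_HEADERS.has(name.toLowerCase()) ? "[REDACTED]" : value;
  }
  return out;
}

// Decide what the proxy does with one incoming request before relaying it.
function guardRequest(req, limiter, now = Date.now()) {
  const cors = corsHeadersFor(req.origin);
  if (!cors) return { status: 403, headers: {} };
  const rl = limiter(req.clientId, now);
  if (!rl.allowed) {
    return { status: 429, headers: { ...cors, "Retry-After": String(rl.retryAfterSec) } };
  }
  return { status: 200, headers: cors }; // safe to add the key and relay
}
```

The in-memory window map is per process and never pruned; a deployment with several proxy instances would need a shared store and expiry.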