Cookies: when and why?
Some platforms protect access to private or restricted videos. To allow analysis of these URLs, your application can send the API a valid Cookie header from an authorized session. These cookies are used only to prove that you have access to the content.
Important: use cookies only if the resource really requires it (e.g., private video).
In production, never expose sensitive cookies in client code.
Use a server proxy to relay them securely.
Accepted format
The cookie format accepted by the API is a standard HTTP Cookie header string:
```
datr=xWa4aCq_l0hzcoPrS5BVHas7; dpr=2.184147357940674; sb=xWa4aEU0sHff1gd4DqigCQsa; c_user=61579216067841; xs=...
```
This text is exactly what browsers send in the Cookie header.
Keep the name=value pairs separated by ; and **without line breaks**.
How to send cookies to the API
1) cURL (quick test)
```bash
curl --request POST \
  --url https://all-media-downloader1.p.rapidapi.com/all \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --header 'x-rapidapi-host: all-media-downloader1.p.rapidapi.com' \
  --header 'x-rapidapi-key: <YOUR_RAPIDAPI_KEY>' \
  --data-urlencode 'url=https://example.com/private-video' \
  --data-urlencode 'cookie=datr=...; dpr=...; c_user=...; xs=...'
```
2) JavaScript (via your server — recommended)
```javascript
// Client side: send ONLY the URL to your backend (never the sensitive cookies)
async function analyzePrivate(url) {
  const res = await fetch('/proxy/analyze', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ url })
  });
  if (!res.ok) throw new Error('HTTP ' + res.status);
  return await res.json();
}

// Server side (Node/Express example): inject Cookie only on the server
// app.post('/proxy/analyze', async (req, res) => {
//   const { url } = req.body;
//   const cookieHeader = process.env.MEDIA_COOKIE; // stored as environment variable
//   const form = new URLSearchParams({ url, cookie: cookieHeader });
//   const r = await fetch('https://all-media-downloader1.p.rapidapi.com/all', {
//     method: 'POST',
//     headers: {
//       'Content-Type': 'application/x-www-form-urlencoded',
//       'x-rapidapi-host': 'all-media-downloader1.p.rapidapi.com',
//       'x-rapidapi-key': process.env.RAPIDAPI_KEY
//     },
//     body: form
//   });
//   const data = await r.json();
//   res.json(data);
// });
```
3) PHP (server proxy)
```php
<?php
// proxy.php
$body = json_decode(file_get_contents('php://input'), true);
$url  = $body['url'] ?? '';
if (!is_string($url) || !$url) { http_response_code(400); exit('Missing url parameter'); }

$cookie = getenv('MEDIA_COOKIE'); // store the cookie in server environment
if ($cookie === false || $cookie === '') {
    // getenv() returns false when the variable is unset; do not forward that value
    http_response_code(500); exit('MEDIA_COOKIE is not configured');
}
$post = http_build_query(['url' => $url, 'cookie' => $cookie]);

$ch = curl_init('https://all-media-downloader1.p.rapidapi.com/all');
curl_setopt_array($ch, [
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => $post,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER => [
        'Content-Type: application/x-www-form-urlencoded',
        'x-rapidapi-host: all-media-downloader1.p.rapidapi.com',
        'x-rapidapi-key: '.getenv('RAPIDAPI_KEY')
    ],
]);
$out  = curl_exec($ch);
$code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);

if ($out === false) {
    // Transport failure: return a gateway error instead of an empty 200 response
    http_response_code(502); exit('Upstream request failed');
}
http_response_code($code ?: 200);
header('Content-Type: application/json');
echo $out;
```
Terms of use & rules
| Condition | Explanation | Why it matters |
|---|---|---|
| Consent & rights | Use cookies only if you are authorized to access the content. | Legal compliance & platform agreements. |
| Privacy | Do not expose sensitive cookies on the client side. | Avoids session hijacking. |
| Lifetime | Cookies expire; anticipate their renewal. | Prevents random failures on private content. |
| Scope & domain | Cookies are valid for a specific domain/path. | Ensures access consistency depending on platform. |
| Traceability | Log their usage (without logging the full cookie value). | Audit, support, security. |
Best practices (security & UX)
Security
- Store the cookie on the server side (environment variable, secret manager).
- Do not log the full value; partially mask it.
- Rotate regularly if the platform allows.
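
The format rule from "Accepted format" (name=value pairs separated by ; with no line breaks) and the advice not to log the full value can both be enforced on the server before the cookie is forwarded or written to a log. This is an added example, not code from the API provider; the function names `parseCookieHeader` and `maskCookieHeader`, the masking layout, and the sample values are assumptions made for illustration.

```javascript
// Added example: validate and mask a Cookie header string on the server.
// Cookie names must be HTTP tokens (RFC 6265 / RFC 7230). The value check is
// deliberately loose (an assumption): no control characters, no ';'.
const NAME_RE = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;

function parseCookieHeader(header) {
  if (typeof header !== 'string' || header.trim() === '') {
    throw new Error('cookie header is empty');
  }
  // Reject CR, LF and other control characters: the format forbids line
  // breaks, and they would also allow header or log-line injection.
  if (/[\u0000-\u001f\u007f]/.test(header)) {
    throw new Error('cookie header contains control characters');
  }
  const pairs = [];
  for (const part of header.split(';')) {
    const item = part.trim();
    if (item === '') continue; // tolerate a trailing ';'
    const eq = item.indexOf('=');
    // Error messages never echo the offending text, so a bad cookie
    // cannot leak into logs through an exception.
    if (eq <= 0) throw new Error('malformed pair (expected name=value)');
    const name = item.slice(0, eq);
    if (!NAME_RE.test(name)) throw new Error('invalid cookie name');
    pairs.push([name, item.slice(eq + 1)]);
  }
  if (pairs.length === 0) throw new Error('no cookie pairs found');
  return pairs;
}

// Log-safe form: keep names, show at most the first `visible` characters of
// long values plus the value length; short values are hidden entirely.
function maskCookieHeader(header, visible = 4) {
  return parseCookieHeader(header)
    .map(([name, value]) => {
      const shown = value.length > visible * 2 ? value.slice(0, visible) : '';
      return `${name}=${shown}***(${value.length})`;
    })
    .join('; ');
}

// Constructed sample values, not real session cookies.
const sample = 'c_user=1234567890123; xs=AbCdEfGhIjKlMnOp; dpr=2';
console.log(maskCookieHeader(sample));
```

Call `parseCookieHeader` once at startup on the stored secret so that a truncated or multi-line value fails early, and pass only the output of `maskCookieHeader` to the logger.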
Experience
- Inform the user if a cookie is required for a private URL.
- Show clear messages in case of expiration/refusal.
- Request the cookie only when necessary.
Troubleshooting
| Symptom | Likely cause | Solution |
|---|---|---|
| HTTP 401/403 | Invalid/expired or unauthorized cookie | Retrieve a valid cookie, check domain/scope |
| Empty formats | Access to streams denied | Send the required cookie; retry |
| Playback impossible | CORS/MIME issues on CDN side | Play via a compatible player or download server-side |