I would like to be able to react to a user disconnecting my application from their account without having to poll with a token to see if the token is still valid. My servers don’t need the extra load. Your servers don’t need the extra load. I don’t want to keep hundreds of thousands of live tokens around for such a spurious reason. There’s a better way.
To that end, I request the implementation of a revocation webhook, similar to what GitHub does, Facebook does, Slack does, etc.
Example of what I’d like:
curl -H 'Client-ID: some_app' \
-H 'Authorization: Bearer some_app_token' \
-H 'Content-Type: application/json' \
-X POST -d '{"hub.mode":"subscribe",
"hub.topic":"https://api.twitch.tv/helix/revocation",
"hub.callback":"htps://some-application/path/to/callback/handler",
"hub.lease_seconds":"864000",
"hub.secret":"kappa doesn't make you funny"}' \
https://api.twitch.tv/helix/webhooks/hub
Where the payload would be an array of user objects (being an array to match other webhooks):
{
"data": [{
"id": "1234",
"login": "example",
"display_name": "Example",
...
}]
}
An array of just IDs would be fine too, as long as we have a strong way of identifying the user that disconnected from our applications.
Aside: It’d be really nice if we could set up permanent webhooks for topics like this using the administration panel rather than having to submit temporary ones via the API.