[Feature Request] Webhook for Revoked Connections

I would like to be able to react to a user disconnecting my application from their account without having to poll with a token to see if the token is still valid. My servers don’t need the extra load. Your servers don’t need the extra load. I don’t want to keep hundreds of thousands of live tokens around for such a spurious reason. There’s a better way.

To that end, I request the implementation of a revocation webhook, similar to what GitHub does, Facebook does, Slack does, etc.

Example of what I’d like:

curl -H 'Client-ID: some_app' \
-H 'Authorization: Bearer some_app_token' \
-H 'Content-Type: application/json' \
-X POST -d '{"hub.mode":"subscribe",
"hub.topic":"https://api.twitch.tv/helix/revocation",
"hub.callback":"htps://some-application/path/to/callback/handler",
"hub.lease_seconds":"864000",
"hub.secret":"kappa doesn't make you funny"}' \
https://api.twitch.tv/helix/webhooks/hub

Where the payload would be an array of user objects (being an array to match other webhooks):

{
    "data": [{
        "id": "1234",
        "login": "example",
        "display_name": "Example",
        ...
    }]
}

An array of just IDs would be fine too, as long as we have a strong way of identifying the user that disconnected from our applications.

Aside: It’d be really nice if we could set up permanent webhooks for topics like this using the administration panel rather than having to submit temporary ones via the API.

3 Likes

I’d actually rather see a generic “automagic” webhook that just happens with no subscription needed… The Idea being that it would just be another value we’d configure on our application in the dev portal. When a revocation occurs, hit the revocation url we configure passing the user object(s) that have been revoked so that we can purge them from our applications.

4 Likes

I’d rather see that too. I was trying to make a suggestion in line with the rest of Twitch’s webhooks to maybe make it more likely to be implemented, but I strongly prefer having set permanent webhooks for something like that.

GitHub takes that approach. You automatically get them and can’t opt out.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.