Why did I receive a token with the scope analytics:read:extensions, but the API still rejects the request saying that I don’t have that scope? Am I using the wrong token? If I’m using the wrong token, can you update the API to return the proper error, let me know what the correct required token is, how I can acquire this token (what’s the API URL), and let all devs know by adding it to the documentation? That would be super hepful to the dev community.
The reason you’re getting an error is because you’re using an App access token. You need to generate a user access token and permit it the scope to access your extension analytics.
As for documentation, the docs do state Since app access tokens are not associated with a user, they cannot be used with endpoints that require user authentication., and the endpoint you’re trying to access requires your user account that owns those extensions to grant permission in the form a User Access Token with the analytics:read:extensions scope. There are also numerous topics on the subject on these forums explaining the differences.
Thanks Dist. It would be helpful if the error message said what you knew (it would save both of us time). Something along the lines of “Error: using App access token. A User Access Token is required.” as opposed to "Missing analytics:read:extensions scope”
Can you please share the source of the documentation from which you pulled the quote? That will help folks in a similar situation (and myself as well, as obviously I’m not as well versed with the API as you are).
Also please keep in mind that the doc for this endpoint https://dev.twitch.tv/docs/api/reference/#get-extension-analytics does not mention anything about the type of token required (I’d looked for it, but couldn’t find it. if you think i’m mistaken, can you please link me to where it specifies what you’ve specified here). I think it’s unreasonable to expect folks to look to the forums for documentation.
I think the reasoning behind why the endpoint doesn’t specify the type of token required is because it’s implied by the fact that it has a required scope, as only a User Access Token can have that scope. A user (in this case, the owner of the extensions) has to grant permission to the app to access that endpoint. App tokens can’t be used on behalf of a user, that’s not what they are for and I think part of the confusion comes from people jumping right into the API reference with minimal understanding of OAuth, or not reading the authentication docs thoroughly.
If you think about it, if an app access token was required you’d never be able to grant 3rd parties access to your extension analytics data as you’d be the only one capable of generating an App Access Token for your extensions.
I agree that the error message you receive isn’t the most informative when it comes to pointing out your issue, but technically it is correct as it’s checking the tokens validity and while it is a valid token it doesn’t have the required scope (because that scope isn’t appropriate for App Access Tokens).