keep getting 400 bad request error when trying to query for user’s follower list.
am using bash to call the api.
able to get token and pass token - just when it does a get for xyz url for follower list - return is 400 bad request or 301 permanently moved.
can some explain to me why im getting the error or maybe help me debug what is happening?
Please provide an example of the call you are making (with the token censored)
#!/bin/bash
Ask for username and password
echo "What’s the username: "
read name
Curl for token
curl -X POST ‘https://id.twitch.tv/oauth2/token?client_id=<client_id>&client_secret=<client_code>&grant_type=client_credentials&scope=user:read:email’ >> token.txt && awk -F ‘"’ ‘{print $4}’ token.txt >> token_only.txt
token=$(cat token_only.txt)
Get User ID
curl -H ‘Accept: application/vnd.twitchtv.v5+json’ -H ‘Client-ID: <client_id>’ -H ‘Authorization: Bearer <client_code>’ -H 'Authorization: OAuth '$token 'https://api.twitch.tv/kraken/user?login=’$name -v
curl -H ‘Accept: application/vnd.twitchtv.v5+json’ -H ‘Client-ID: <client_id>’ -H ‘Authorization: Bearer <client_code>’ -H 'Authorization: OAuth '$token -X GET https://api.twitch.tv/helix/streams?user_login=$name -v
Remove Token for next go
rm token*
im almost positive there is something wrong with the url that im trying to call
curl -H ‘Accept: application/vnd.twitchtv.v5+json’ -H ‘Client-ID: xuvnniaiv7jupqbb4wdfo2rbbhlefv’ -H ‘Authorization: Bearer <client_code>’ -H 'Authorization: OAuth '$token
Should be just
curl -H ‘Client-ID: xuvnniaiv7jupqbb4wdfo2rbbhlefv’ -H ‘Authorization: Bearer <client_code>’
You are sending both Kraken and Helix headers. for all requests. Shouldn’t be a problem but we can clean our your headers to JUST Helix headers
use helix get users
There is no follow request in your code.
So i have looked through all the different references and forms - any way i use it i still get a 400
if i remove the oauth - i get a “missing oauth” error and if i add it back - you can see what i get below.
cleaned up code:
curl -X POST ‘https://id.twitch.tv/oauth2/token?client_id=’$client_id’&client_secret=’$client_secret’&grant_type=client_credentials&scope=user:read:email’ >> token.txt && awk -F ‘"’ ‘{print $4}’ token.txt >> token_only.txt
token=$(cat token_only.txt)
Get User ID
curl -H 'Client-ID: '$client_id -H 'Authorization: Bearer '$client_secret -H 'Authorization: OAuth '$token 'https://api.twitch.tv/helix/users?login=’$name -v
Remove Token for next go
rm token*
this is what the curl is sending as get request to api.twitch.tv:
GET /helix/users?login=$name HTTP/2
and getting this back:
400 Bad Request400 Bad Request
* Connection #0 to host api.twitch.tv left intactThat would suggest you tried to lookup $name
, which is not a valid username (Usernames can’t contain $)
You should of also got a body that desribes the error
{
"error": "Bad Request",
"status": 400,
"message": "Invalid login names, emails or IDs in request"
}
i was hiding the user name that it was using - if you want to retry its mine personal username hevvee18
below is the entire output from everything
What’s the username:
hevvee18
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 121 100 121 0 0 180 0 --:–:-- --:–:-- --:–:-- 179
- Trying 151.101.206.214:443…
- Connected to api.twitch.tv (151.101.206.214) port 443 (#0)
- ALPN, offering h2
- ALPN, offering http/1.1
- successfully set certificate verify locations:
- CAfile: /etc/ssl/certs/ca-certificates.crt
- CApath: /etc/ssl/certs
- TLSv1.3 (OUT), TLS handshake, Client hello (1):
- TLSv1.3 (IN), TLS handshake, Server hello (2):
- TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
- TLSv1.3 (IN), TLS handshake, Certificate (11):
- TLSv1.3 (IN), TLS handshake, CERT verify (15):
- TLSv1.3 (IN), TLS handshake, Finished (20):
- TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
- TLSv1.3 (OUT), TLS handshake, Finished (20):
- SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
- ALPN, server accepted to use h2
- Server certificate:
- subject: C=US; ST=California; L=San Francisco; O=Fastly, Inc.; CN=twitch.map.fastly.net
- start date: Mar 26 21:41:40 2021 GMT
- expire date: Mar 27 21:41:40 2022 GMT
- subjectAltName: host “api.twitch.tv” matched cert’s “*.twitch.tv”
- issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign CloudSSL CA - SHA256 - G3
- SSL certificate verify ok.
- Using HTTP2, server supports multi-use
- Connection state changed (HTTP/2 confirmed)
- Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
- Using Stream ID: 1 (easy handle 0x55fe25fe6dc0)
GET /helix/users?login=hevvee18 HTTP/2
Host: api.twitch.tv
user-agent: curl/7.74.0
accept: /
client-id: <client_id>
authorization: Bearer <client_secret>
authorization: OAuth
- TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
- Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 400
< server: awselb/2.0
< content-type: text/html
< date: Sat, 27 Mar 2021 16:10:11 GMT
< x-served-by: cache-sea4458-SEA, cache-pdk17837-PDK
< x-cache: MISS, MISS
< x-cache-hits: 0, 0
< x-timer: S1616861411.495229,VS0,VS0,VE64
< strict-transport-security: max-age=300
< content-length: 122
<
<
<400 Bad Request
<
<400 Bad Request
<
Then I don’t know what wrong
as you wrote
I assumed that was what you actually sent/got back
You are trying to send your client secret as your auth header
And you are still sending a Kraken auth header.
Which is winning.
curl -H 'Client-ID: '$client_id -H 'Authorization: Bearer '$client_secret -H 'Authorization: OAuth '$token 'https://api.twitch.tv/helix/users?login=’$name -v
Should be
curl -H 'Client-ID: '$client_id -H 'Authorization: Bearer '$token 'https://api.twitch.tv/helix/users?login=’$name -v
as per the example call
curl -X GET 'https://api.twitch.tv/helix/users?id=141981764' \
-H 'Authorization: Bearer cfabdegwdoklmawdzdo98xt2fo512y' \
-H 'Client-Id: uo6dggojyb8d6soh92zknwmi5ej1q2'
ok so i get it now - it should be sending the token not the actually client_secret
that fixed ended up being the solution.
thank you sir
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.