Can't manage to authenticate against Twitch Helix API

I’m currently trying to create a custom reward using the helix api within my backend.

The Frontend already sends an Authorization Header with the token provided by onAuthorized. But what token do I send to the helix api? I’ve tried several keys from the twitch console, tried the token delivered by onAuthorized itself, but so far I only got error: "Unauthorized", status: 401, message: "Invalid OAuth token". Do I need to create the token myself using jwt?

const auth = req.headers.authorization;
const payload = verifyAndDecode(auth);

const {...} = req.body;

const headers = {
    "Authorization": "Bearer " + ???,
    "client-id": clientId,
    "Content-Type": "application/json"

const data = {...};

const {body} = await`${payload.user_id}`, data, {headers});

Your assumption that a JWT is an OAuth Token is incorrect - JWTs only work as authentication for the Endpoints under the /extensions/ path in the API - not Helix. (See also what is mentioned under Authentication for each endpoint here vs. here)

You’ll have to send the Broadcaster through an additional OAuth Flow to receive the required scopes on a User Access Token.

Feel free to reference the Docs on Authentication or my FAQ Post about it or ask any further questions here.

1 Like

Thanks the quick response!

I took a look at the different OAuth Flows and tried to implement the “OAuth client credentials flow” to handle everything serverside. Thats how I try to retrieve the token:

const authorizeRequest = async () => {
    try {
        const data = {
            "client_id": clientId,
            "client_secret": clientSecret,
            "grant_type": "client_credentials"

        const headers = {
            "Content-Type": "application/json"

        return await"", data, {headers});
    } catch (error) {
        console.log("Error retrieving token: ", error);
        throw new Error("Error retrieving token.")

This works fine in terms of getting a token. But somehow this is still not the OAuth token the helix api is expecting me to provide:

“Missing User OAUTH Token”

Do I need to use one of the other flows to actually send the user through authorization?

Yes. Channel points requires a user token

Not a server to server token.
As server to server tokens (simply) do not have access to priviledged/scoped data as they don’t represent a user.

You can also see in the documentation for the endpoint you are trying to call

Query parameter broadcaster_id must match the user_id in the User Access token

Requires OAuth Scope: channel:read:redemptions

You need a “user Access Token”

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.