Pretty much as the title says, from my application I can’t read channel bans even if the access token has the moderation:read
scope granted. Whenever I try to do a request to this endpoint
https://api.twitch.tv/helix/moderation/banned?broadcaster_id=<channel_id>&user_id=<user_id>
where channel_id
is the ID of the broadcaster channel and user_id
is the ID of the user I want to check if is banned. In the header I’m passing the application Client ID, the application/vnd.twitchtv.v5+json
Accept header and the access token of the broadcaster with the moderation:read
scope granted with OAuth. Is something missing from the request or is something going on? Because it worked until today with no problem. It also refreshed the token several times before today, so I don’t know if it could be related to the refresh token endpoint not returning a correct token
You don’t need this header with Helix
You should use the validatity endpoint
Authentication
To confirm your token is correct, for the right user_id (broadcaster_id) and has the scopes you think it does.
Whats the actual error message are you getting?
Similar code flow is working as expected here!
From the validate endpoint I get this response
{
"client_id": "my-application-client-id",
"login": "channel-name",
"scopes": [
"moderation:read",
"user_read",
"user_subscriptions"
],
"user_id": "channel-user-id",
"expires_in": 9710
}
Of course I’ve changed the details about the various IDs, but as you can see the scope is right. However from the above endpoint I get this
{
"error": "Unauthorized",
"status": 401,
"message": "Missing scope: moderation:read"
}
The authorization token used in both cases is, of course, the same
Very odd, looks like you have a correct token (user token not app access), but the API rejects it.
You sure your code doing the call to the ban’s API is using the right token in case you have multiple in play?
Aside from that it’s a really odd issue. Try running the call manually cURL on the command line, to check if it’s the token or your code.
I’m actually trying the calls from postman. However I tried using curl and I get the same 401 error
Helix uses "Bearer " not "OAuth " in the header.
There is your issue
Authorization: Bearer YOURKEY
OAuth is OAuth
The prefix is irrelevant.
It’s still an OAuth key, but helix requires the prefix to be “bearer”
You’ve misunderstood the announcement.
Here is a sample request to show the headers mentioned above.
curl -H 'Authorization: Bearer cfabdegwdoklmawdzdo98xt2fo512y' \
-H Client-ID: uo6dggojyb8d6soh92zknwmi5ej1q2' \
-X GET 'https://api.twitch.tv/helix/users?id=44322889'
It’s even in the example in that very post
Soon all calls to Helix will require the use of an OAuth token, Helix uses the word “Bearer” as the OAuth prefix
1 Like
Yep, look like I totally did Still strange because it used the OAuth prefix until today and has no issues
Then that shouldn’t of worked at all.
Helix has already required Bearer, and if Twitch snuck in a bug, they have now fixed that bug
system
Closed
May 16, 2020, 1:12pm
11
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.