Channel Point API is too restrictive

I was looking forward to the channel point API but now that it is finally out I have one big problem with it.

From what I understand, there is no way to affect a channel point reward if the client-id does not match the client id used during its creation. On the surface, this might sound like a minor issue but this renders the whole API system for channel point a bit useless, let me explain.

This forces 2 options for developers.
Either your App comes with a few premade rewards that are created on startup and leave it at that
OR you have to design your own interface for creating/managing rewards, not possible for lots of project.

For the end-user, this would make no sense why the rewards they created on the website couldn’t be used with other apps. For example, It would be impossible for someone to make a button on a stream deck that fulfills or cancels someone’s redeem.

I’m personally trying to make a simple command that cancels and fulfill redeems and can turn rewards on or off at will through a stream deck. This is rendered impossible due to the client id restriction. Forcing me to make an interface myself and distributing it along with my command, which is highly impractical.

Any way to bypass the client-id restriction would be very welcomed

Twitch always creates new products, like this, quite restrictive but does loosen them up when they see a valid use.

For now, you can submit your request to uservoice, or vote on one that fits your needs:

Twitch keeps looking at and evaluating them.

A compromise I could imaging would be to keep editing the rewards locked to their “owning” client ID, but all clients being able to process the redemptions, for example.
Or some kind of “permitting” another client to affect other rewards.

Let’s see where this goes, the API still quite new, a lot might change :slight_smile:

There are potential security issues with apps being able to whatever they like with other apps rewards.

For example it would be possible for one app to delete all rewards from other apps and just create its own. This would lead to a bad user experience as the user would have no way to know that it was one app deleting all the others rewards, or the other app having a bug and not being able to make rewards.

An app may bug and redeem/cancel ALL redemptions which currently would be limited to just its own redemptions so could be handled, but with unrestricted access to other apps it could remove all of their redemptions before they have been appropriately fulfilled.

Why don’t you simply have a ‘create new reward’ button, and then the broadcaster can go to their dashboard and update that reward your app has create with the values that they want that reward to have? There’s no need to design an interface for that, it’s how I’ve done StreamDeck integration with the new Channel Points system and it works quite well without any need for any external site.

This is an extremely flawed argument on all fronts. An app deleting every single channel point redeems would have very little impact on a streamer. Compare to stuff that can already be done with minimal scope rights, you realize that anyone can make it so their app deletes EVERY SINGLE of your followers and is irreversible right?.. now that’s something that’s extremely detrimental to any streams, and career-ending. Deleting all channel points is nowhere near that and shouldn’t be a concern considering their impact on someone stream quality or ability.

And just having something as simple as a button is not possible for some implementation, and is confusing for the end user. The amount of people that don’t even understand channel point is quite high. let’s not make it more confusing for them. I can already hear the common streamer being like
“why can’t i create it myself, why do i have to create it through this button, i already created it myself why do i have to do it again?!”

You seem to think little of your users if you think they’re not capable of understanding Channel Points or editing a few simple values, which is much simpler than installing/configuring/activating most extensions.

Dismissing the security issues just because your app design doesn’t fit will with the current system doesn’t mean the concerns aren’t valid and would impact others on the platform other than users of your app.

Anyway, if you think there’s a valid use case and demand for your suggestion, make it at the proper place on UserVoice that was previously linked in this thread as that’s the appropriate place for feature requests.

1 Like

Or look at it another way.

Two ClientID’s try to change the price of the same product at the same time. And when one wins, the other kicks in to set the price back again. And so on.

It’s not just a matter of all items being deleted but Two or more ClientID’s trying to edit the same reward.

Same issue comes it two clientID’s are handling redemptions, one decides to refund/cancel as you are out of stock, and the other accepts as you are in stock. Which one wins?

This is why the API is setup to only allow ClientID’s to modify and manage the things they have created.

Not just to prevent rogue deletions but two Client’s trying to write to the same reward/redemptions

Example:

You add an Twitch extension, that Twitch extension adds channel point rewards for that extension.

A minute later your ClientID cronjobs, and decides to delete rewards it doesn’t have on file/thinks should exist.

The Twitch Extension no longer operates correctly because your code automatically deleted the extensions rewards.

Please don’t post here if you are going to claim this is for security or throw half baked arguments.
The first post made sense, twitch just made it, its a bit restrictive right now, maybe they’ll change it later.
let’s leave it at that.

It’s not for you to say what people can or can’t post here. Some of us have many years of experience working with the Twitch API, and in some cases closed beta testing on these products, so we do have insight and experience of the potential implications your suggestion has had.

Maybe Twitch will take your feedback on board and find a way to better handle this, or maybe they wont. Either way it’s perfectly reasonable for people to voice reasons as to potential problems, and just because you don’t like other peoples insight on the matter if it goes against what you want to do with your own app regardless of what other peoples implementations are that doesn’t mean our posts are any less valid and worthwhile to anyone else reading this thread.

The point was that most streamers have zero programming knowledge and want simple straightforward things. They do not want lengthy tutorials on how to use an extension. From my own experience they often don’t even understand or know about Twitch API, so the fact that they have to create a reward first before being able to edit it through the extension just complicates things too much to implement it in the first place.
Unless you want to volunteer to answer 100 questions a day, “Why is it not working for me?”.

Then how do you expect the very same streamers to create code to process channel point rewards?

You just answered your own problem with the same problem.

The documentation clearly states

Returns a list of Custom Reward objects for the Custom Rewards on a channel. Developers only have access to update and delete rewards that the same/calling client_id created.

and

Returns Custom Reward Redemption objects for a Custom Reward on a channel that was created by the same client_id .

Developers only have access to get and update redemptions for the rewards they created.

So if you the streamer are reading the docs for getting/updating a Reward. Then it should be clear that you need to create it via the API also.

Sure that is what many of us sit on the forums of Dev Discord to help with

We spent a great many time dealing with the oAuth requirements of Helix when that was introduced, this will just be the same thing for us third party devs that take the time to help others.

Now in the example of an extension.

The moment you install the extension, you’ll get sent/suggested to go to the config view to configure the extension.

The config view will then prompt for authorization to read/write channel points.

The extension will then auto create the channel point rewards it needs

The extension will then tell the user in the config view they can use the “normal” channel points dashboard to modify the reward, such as pricing or images for that reward. (or yeah have a customized widget in the config view to modify pricing since the API doesn’t let us set images)

So it’s all “one click” for the example of an extension.

The same extension can then auto turn off the channel point rewards if the “game”/whatever for that extension is disabled.