Client-ID Requirement FAQs

This was extremely helpful. Thanks!

Thanks a lot for the reply! Sorry to bother you guys again. I have like no coding skills at all. :confused: I’ve got my Client-ID and changed it in the example. I just dont know on what exact point I need to paste the code. :smiley:

@MarcelPetzold If you’ve purchased the theme I’m sure the one you purchased it from should be able to assist you with this. They would need to update their theme nonetheless.

Would I be dumb for just leaving the client-ID in my source code for everyone to see? Or should I require everyone to get their own client ID and make my program use that specific ID for requests? What could happen if someones uses my client-ID incorrectly?

Client-Id is public, client secret is private. You don’t need to protect the client id.

If you are passing in an OAuth token, we will figure out the Client-ID for you.

this
https://api.twitch.tv/kraken/streams/kutu182?oauth_token=blablabla

return
{"error":"Bad Request","message":"No client id specified","status":400}

Did you check if your token is valid? I use the same method and mine works fine… I set it up today.

Can confirm, but only for /streams and /streams/:channel.

yes, other requests with token work, except this one

Isn’t the Client-ID meaningless if its public? People could hijack somebody elses Client-ID and get it banned, no?

@hlcws Not meaningless. At its core, it is a tracking mechanism. It allows us to identify and find any offending applications, contact them, see if there is abuse (or an accidentally shipped bug, which happened about a month ago), and help the application get into a good state. It isn’t meant to be something we track and immediately swing the banhammer the minute you start hammering the APIs. It is a point of data used to inform our research and outreach.

Isn’t the Client-ID meaningless if its public? People could hijack somebody elses Client-ID and get it banned, no?

I guess @hlcws meant that anybody could use any valid clientID in his hands to make api calls with this clientID in header, lets say an Android app runs without any authentication some api calls clientsided with an 3rd party clientID in header.
this 3rd party clientID can not be protected from this kind of abuse, and i guerss thats what @hlcws is pointing at.

That’s how I read it, too and how I framed my response. Specifically the part about seeing if there is abuse. If we see an instance of abuse, we can work with the developer to identify and move forward. The alternative here is that we require an OAuth token for every API call. If it becomes a problem, we will work toward addressing it.

1 Like

im trying stream from my elgato capture card; but i get “{“error”:“Bad Request”,“status”:400,“message”:“No client id specified”}” when i try to link my account to twitch via elgato application

thanks

Then you will need to follow this guide to get your Client ID and include it in your request.

I don’t know how Elgato CC’s work so it may be something you can do or for them to update and push.

ok thanks; didnt work cuz i cant input the client id; so elgato will have to do an update

Thanks, i asked him, but he doesn’t reply :disappointed:

Can any of you guys help me? @DallasNChains maybe? I have added an app and created a client ID. I just don’t know where to paste the Code. I already tried everything. Header, API section and stuff…i can attatch screenshots if that’d help.

I would really appreciate help from you guys, because seeing “400” as an title is kind of annoying :smiley:

Best,
Marcel

I’m wondering, do i really need to pass a client-id when using browser? Because, you know, I’m already logged in to my twitch account… And it’s not very comfortable to manually copy my client-id and add “?client-id=blabla” every time.

Anyway, is there a way to make my browser automatically send a client-id as a header when accessing api?

If you are using Chrome, 3ventic just posted this: Client ID Injector for Chrome

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.