Error 401 with new API

Hello,

Since the update, all my api are crashed, what should I add ? I’m french I don’t understand well the documentation, here is my code that worked before the patch.

$.ajax({
	dataType: "json",
	url: "https://api.twitch.tv/helix/streams?first=6&language=fr&game_id={{ gametwitchid }}",
	headers: {
				"Client-ID": "myIDkeyclient",
		},

Thanks for help

You need to add the Authorization: Bearer <YourOAuthToken> header.

Here are the step by step guide on what to do: https://dev.twitch.tv/docs/authentication/getting-tokens-oauth#oauth-client-credentials-flow

1 Like

Thank you for your answer, like this?

				headers: {
					"access_token": "mytoken",
					"Client-ID": "myid",
					"token_type": "bearer",
				},
				headers: {
					"Authorization": "Bearer mytoken",
					"Client-ID": "myid"
				},
1 Like

Thanks for the feedback, but it’s still broken since the patch now I have error 401
{“error”:“Unauthorized”,“status”:401,“message”:“OAuth token is missing”}

dataType: “json”,
url: “https://api.twitch.tv/helix/streams?first=6&language=fr&game_id={{ gametwitchid }}”,
headers: {
“Authorization”: “Bearer mytoken”,
“Client-ID”: “myclientid”,
},

“mytoken” is a generated token and not your client secret?

1 Like

this one we’re okay with?

That is your Client Secret, you use the Client ID and the Client Secret to create an oAuth token,

Then you use that generated token

As Dist linked to earlier

1 Like

it’s complicated the… everything worked fine now I have my whole site in PLS :S I don’t even know how to do that…

You appear to be doing this via jQuery .ajax

That is front end logic, so that would suggest you need an implicit oAuth code (via making users login via Twitch)

But if you are displaying streams on a website, then it’s more performant to collect the streams you want to show using a cron job, and cache that information on your server, so your website loads from that cache instead of polling Twitch every page load.

1 Like

Do you have any idea how to disguise the returned Token authorization?

disguise? What do you mean disguise?

1 Like

Hide* sorry

Again not sure what you intend to do by hideing it?

Since You are all front end code here, you can’t hide anything.

1 Like

Are there any security problems? I only use it to display channels via twitch, no link with the database or other.

If users login to your site and you use the users token, thats fine.

If you generate an App Access Token and use that, then thats a problem as you are leaking, what is essenitally a password. And you’d have to leak your clietnt secret, to generate the App Access Code in front end code

1 Like

In summary:

My site doesn’t use any api twitch login or password for users.
The API only displays frontend strings without any link to the site’s database.

Then you need to refactor your code, so your front end calls your backend and the backend calls Twitch.

Your frontend can no longer call Twitch directly

1 Like

Ok thanks :slight_smile:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.