Hello
First of all: I’m not a dev, just trying to apply stuff for my website, learning here and there what I can !
I’m using Helix API using cURL with PHP, along with my Client ID (am I saying this right?) to get a list of some Twitch channel I want to be displayed on my website, depending on if they are online or not.
Problem is that if I refresh too often, or change pages too quickly, I’ve for Failed error 429 message. I think I’m understanding that it’s due to a limitation about the number of request I’m doing (https://dev.twitch.tv/docs/api/guide ?) per IP? Is that correct?
Is there a way to work around that? Cause I’ve got more and more streamers to add there and I don’t want people to have this error message appearing everytime they switch page ? (cause ye, this list appears on each page)
First (again) thanks a lot for your quick answer, really.
What is an “endpoint” ? (sorry English is also not my native language, if this wasn’t clear enough! hehe)
So I should use App Access Token rather than Client ID, right ?
Also, you lost me with cron job but at least, I know that it’s possible to find a solution so I will also try to find something on my side.
Ok I thought I was smarter than that but…
Here’s the code I use to get the info I need, and that works for now… with this very low rate limit.
I thought I just needed to add
The OAuth process is completely separate from requests to the API endpoint.
If you want to use the Auth Code flow, you would follow the instructions here: https://dev.twitch.tv/docs/authentication/getting-tokens-oauth#oauth-authorization-code-flow which will send the user to Twitch, if the accept connecting to your app they’ll be redirected back to your website with a code as a querystring param, which your server can then exchange for an Access Token.
Once you’ve got that Access Token you can make requests by using the Authorization: Bearer <Token> header.
Those requests MUST be done server-side as you must not expose your client secret to the client. If you wish to do API requests client side you should use the Implicit Auth Flow https://dev.twitch.tv/docs/authentication/getting-tokens-oauth#oauth-implicit-code-flow where the user is redirected back to your website with a User Access Token in the url hash, which the frontend can use as the Authorization header in the same way I previously mentioned.
The OAuth process is the part where I do the cURL?
Yes I read the instructions but to be honest it’s really not clear at all to me…
I understand for the server-side, but first I would need to have a proper code that actually does what I need, and I can’t seem to find how to turn theory intro code…
So only thing remaining is to have this done on the server side and I’m good to go, right ? (as it is, it works, but I understand for security reason I can’t keep it on my webpage directly)
And yeah you shouldn’t leak your generated oAuth access tokens, user tokens are ok since they are the users own tokens. But an oAuth token is basically like a password and should be treated as such.
Doing it server side also means you can minimise the API requests you make as you can cache the data in your server
End of the story:
-I’ve created a .php file containing a script that get the token, and fill in my DB
-A cron in the server gets this done every minute
-on my webpage, I only get some small code that reads the database, and displays it
My page loads soo much faster now, and that works great.
Thank you a lot for your help, I wish I could do something in return ! ahah