I assume this is largely my unfamiliarity with OAuth2, but I’m finding some of the docs/error reporting to be pretty frustrating.
For example, if I pass
'Client-ID: <my client id>' as a header to helix/users, I get the error:
Must provide a valid Client-ID or OAuth token
Which made me think my Client-ID was faulty.
The docs specify nothing about Client-ID, putting them at odds with the error message:
curl -H 'Authorization: Bearer cfabdegwdoklmawdzdo98xt2fo512y' \ -X GET 'https://api.twitch.tv/helix/users?id=44322889'
(the example request)
And the only mention of Bearer token usage is as in a user’s token, to look up a single user without id or username.
Of course, in the end, it wants a user token for single user blind lookup, an app token for lookup-by-id, and has no interest in your client id whatsoever.
It would save some head scratching if a) the error message wasn’t misleading and b) the docs differentiated between when an endpoint wants a user token or an app token, and in the case of it accepting both, the use case for each.