Get streams by catergory and nothing else

I made a script to

  • gather game names and id and create a local cache with possibility of rebuilding it;
  • select categories;
  • paginate results of streams within any of those categories
  • stream via mpv

This worked lovely until today. I had to register to with throwaway emails and phonenums just to get another client id and see why it wasn’t working. And I still don’t know. Reading the doc thru, the only thing that comes to mind is that the API change isn’t discrete, but rather continuous and something new was implemented.

I’m no develeoper, and don’t deal with API often, so getting it without examples is hard. From what I gather, I need an app access token, because the thing should literally just scrape, though that didn’t work too well for me when I tried it. No logins, posts, emails, markers- just the Get Games Top and Get Streams methods. What exactly am I missing?

The ‘code’ is here.

This doesn’t help. Using a throwaway email prevents Twitch from contacting you, when changes occur

Let alone your username is 2eZVNjZr1VWVI5UAESzC why are you trying to hide so much?

Covers the changes needed to talk to Twitch.

This can be all collected via an App Access Token, there is no need to create throw away emails, and register additional clientID’s

There are no documented API’s to obtain a stream via MPV encapsulation, or into the MPV player

You’re being very unhelpful. I still don’t know what to POST to id.twitch.tv. An example of the command would be helpful in the official documentation. I’ve been staring at it for 2d.

Only email address is needed for a Twitch Account.

2FA helps to protect your account and thus mis use of the API, if you account is broken into.

Covers the relevant documentation for an App Access Token.

Playing a stream via MPV player could constitute a violation of the Twitch TOS or Twitch Developer TOS.

curl -X GET 'https://id.twitch.tv/oauth2/authorize?response_type=token&client_id=jzkbprff40iqj646a697cyrvl0zt2m6&redirect_uri=http://localhost&scope=viewing_activity_read&state=c3ab8aa609ea11e793ae92361f002671'
yields
<a href="https://www.twitch.tv/login?client_id=jzkbprff40iqj646a697cyrvl0zt2m6&amp;redirect_params=client_id%3Djzkbprff40iqj646a697cyrvl0zt2m6%26redirect_uri%3Dhttp%253A%252F%252Flocalhost%26response_type%3Dtoken%26scope%3Dviewing_activity_read%26state%3Dc3ab8aa609ea11e793ae92361f002671">Found</a>.
I don’t know what to do with this, unless the state is the token.

As per the docs

POST https://id.twitch.tv/oauth2/token
    ?client_id=<your client ID>
    &client_secret=<your client secret>
    &grant_type=client_credentials

As already linked to both in the announcement thread and earlier into this thread

State is to be used to prevent CSRF attacks against your own website when performing user authentication against your application.

Your unique token, generated by your application. This is an OAuth 2.0 opaque value, used to avoid CSRF attacks. This value is echoed back in the response. We strongly recommend you use this.

1 Like

I received a token, thank you.

Lastly, a question- given this information doesn’t require user login, why is so much overhead required? Requests can be limited in both cases, right?

Probably because people keep registering throw away emails to get clientID’s or people are stealing other people’s clientID’s to make requests.

I don’t know why Twitch has made this change but you do get a better rate limit with an Auth token, and an auth token means it’s actually you that made the request, so if there is an issue with your calls, or your clientID is misused, it’s easier to contact the owner of the clientID. Since to generate a token means you have access to the secret. And to have the secret usually means that Twitch has your confirm email on file.

But if you are generating throw away emails you are doing your self a disservice by making your self unreachable.

To quote yourself:

You are sticking your nose into Twitch’s API, it’s only “fair” Twitch can do the opposite, if at least only Twitch can notify you of problems and changes to the API.

TLDR: the change is probably about about verifying identity of the user making the request. And you are hiding yours

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.