Missing scope: channel:read: subscriptions or channel_subscriptions

Hello There!
I am getting a problem when I am requesting an API

I used client-id, Authorization token, also scope. Everything is ok. I am getting data with this token from
other APIs. So what is the problem? I am confused

Always it is giving me this error:

“error”: “Unauthorized”,
“status”: 401,
“message”: “Missing scope: channel:read: subscriptions or channel_subscriptions”

Please give me the solution

Are you using a User token, from the Auth Code or Implicit flow?

If the your token works fine for endpoints that don’t require user permissions, it’s likely you’ve used the Client Credentials flow and generated an App token, which can’t have scopes as it doesn’t represent a user.

I am using "https://id.twitch.tv/oauth2/token "
with client_id, client_secret, grant_type, and scope.

is it not ok what should I use?

Are you using grant_type=client_credentials? If so, that’s an App token and as it doesn’t represent a user it wont work.

Yes, I am using “client_credentials”. What should I use?

Authorization Code and Implicit are the two OAuth flows that require user interaction, and explicitly granting permissions for your app based on the scopes you requested. The Auth Code flow is mainly for server-side requests, where as the Implicit flow is for client-side requests, such as a user on a website making requests from that webpage itself.

The User tokens from these flows allow you to use endpoints that require scopes. So if for example you wanted to get the subscriber list for broadcaster_id=1234, you would need user 1234 to go through one of those OAuth flows for your app and it will give you a User Access Token for that user, with the requested scopes.

The Client Credentials flow generates an App token, because it requires no user interaction there is no point at which a user is actually connecting to your app or explicitly agreeing to permissions, so these tokens are mostly used for making requests that do not require any permissions as they are a token that represents your app.

If you don’t mind can you explain in an easy way looks complex to me. Actually, I need the subscriber count.

The documentation walks you through it step by step.

Essentially, it breaks down to:

  1. Send the user to the auth URL in their browser.
  2. The user will see a screen showing the name of your app and what permissions you’re requesting.
  3. The user accepts those permissions and is sent back to your Redirect URI.
  4. If you’re using the Auth Code flow, you’ll have a code that your server can exchange for that users token. If you’re using the Implicit flow the user will have the token in the URL hash which they can use on your site.

Sorry the thread is already closed, but I encountered the same issue. How is it then possible that there are bigger external twitch statistics page with subscriber counts even tho the user don’t actually gave them their permission? I mean it’s possible to get the followers I dont quite understand why the subscriber count would need their permission too. I understand that you would need that to get the actual user that subscribed, but for the total_count too?

They read from public data in chat.

And thus are inaccurate, as that data is incomplete.

Subscribe count means you can estimate how much money someone makes, and people in general don’t want you to know about their income. As thats private information.

1 Like

That (both) makes sense, thanks! :slight_smile: