New API rules breaking old script, help

Hi all,

So I had a little script in our wordpress site to check if our channel is streaming or not, I used this to either embed the stream or show upcoming content. Since it’s wordpress, my script is in php. I tried adding the Auth secret I generated in the dev console, but it’s still not connecting. I’ve read over the docs but I feel like there’s a step I am missing, or just not grasping.

I’m new to OAuth stuff, there’s a lot I’m not understanding, but I’m trying to learn. Can anyone ELI5 how I can get this working again? :slight_smile: All I need to do is see if the channel is live or not, I don’t need to do any user authentication. Here’s what I have (edited secret):

function twitch_stream_live() {

	$ch = curl_init('https://api.twitch.tv/helix/streams?user_login=wishspinner');
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
	curl_setopt($ch, CURLOPT_HTTPHEADER, array(
	    'Client-ID: p8li1rfpjyvhm1626h00ame4ccfh22',
	    'Authorization: Bearer xxxxxxxxxxxxxxxxxxxxx'
	));
	$r = curl_exec($ch);
	curl_close($ch);

	$obj = json_decode($r, true); 

	$data = $obj['data'][0];

	if ($obj['data'][0] ){
		return true;
	}else{
		return false;
	}

}

Your code appears syntactically correct.

What is the error you are getting?

1 Like

Did i understand correctly that you used the secret as the Authorization token?
If so then that’s wrong.
You use the secret to generate App Access Token and then use that as the Authorization token.

1 Like

Ok this may be my fundamental misunderstanding. What is the flow I want then; generate an App Access Token, then based on that response make the API request?

Yes.

Generate an App Access token, using your ClientID and ClientSecret, which gives you an oAuth token to call the API with.

1 Like

Thanks @BarryCarlyon, that’s really helpful.

And thanks for your patience with my newbie questions.

So, in terms of generating the token - most of the docs are covering authenticating users or accessing user data, I don’t need to do any of that - so I’m unsure what the bare minimum ‘stuff’ is that I need there. Tested this, but throws 401. Do you guys see something I’m missing?

$ch = curl_init("https://id.twitch.tv/oauth2/authorize");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
$fields = array(
    'client_id' => 'Client-ID: p8li1rfpjyvhm1626h00ame4ccfh22',
    'client_secret' => 'xxxxxxxxxxxxxxxxx',
    'response_type' => 'token',
    'token_type' => 'bearer',
    'redirect_uri' => 'http://localhost/php/twitch.php',
    'state' => $_POST['state']
);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
$data = curl_exec($ch);


print_r($data); 
$info = curl_getinfo($ch); 

echo '<pre>';
print_r($info);
echo '</pre>';

Your query string and the url you were sending the post request to were just incorrect.

$ch = curl_init("https://id.twitch.tv/oauth2/token");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
$fields = array(
    'client_id' => 'p8li1rfpjyvhm1626h00ame4ccfh22',
    'client_secret' => 'xxxxxxxxxxxxxxxxx',
    'grant_type' => 'client_credentials'
);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
$data = curl_exec($ch);


print_r($data); 
$info = curl_getinfo($ch); 

echo '<pre>';
print_r($info);
echo '</pre>';
1 Like

Ok. Really, I can’t thank you all enough for your help.

For the benefit of others trying to implement this update on an old-fangled system, I’ll include my solution below. Note that I consider this incomplete, as I haven’t yet added a fallback in the event of token authentication failure. I’ll leave my comments in place.

I also noticed that it doesn’t appear to update as quickly as before, there is some delay between the time a stream begins, and the time this function returns as true. Any thoughts on why that might be, or something I can do to improve the situation?

function twitch_stream_live() {

	//get an OAuth token from Twitch

	$ch = curl_init("https://id.twitch.tv/oauth2/token");
	curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt($ch, CURLOPT_POST, 1);
	$fields = array(
	    'client_id' => '[client id here',
	    'client_secret' => '[app secret here]',
	    'grant_type' => 'client_credentials',
	    'token_type' => 'bearer',
	    // 'redirect_uri' => 'http://localhost/php/twitch.php',
	    'state' => $_GET['state']
	);
	curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
	$data = curl_exec($ch);

	$info = curl_getinfo($ch); 

	$obj = json_decode($data, true); 
	$token = $obj['access_token'];

	if($token){

		// pass the token to ask the Helix API if we are live

		$tw = curl_init('https://api.twitch.tv/helix/streams?user_login=[user login here]');
		curl_setopt($tw, CURLOPT_RETURNTRANSFER, true);
		curl_setopt($tw, CURLOPT_HTTPHEADER, array(
		    'Client-ID: [client id here again]',
		    'Authorization: Bearer '.$token
		));
		$r = curl_exec($tw);
		curl_close($tw);

		$obj = json_decode($r, true); 

		$data = $obj['data'][0];

		if ($obj['data'][0] ){
			return true;
		}else{
			return false;
		}

	} //end if token
	// need to add a fallback for token failure here

}//end function

This is generating a LOT of tokens.

You should generate a token, and use it till it’s close to expirartion, and then generate a new one, if you can.

Thats standard, it’ll take 3-5 minutes (or quicker) for a stream to show as live in the API

You may also be interested in

So twitch can tell you when a stream is live rather than long polling

1 Like

This sounds bad.

It almost sounds like you’re suggesting I should not be running this piece of the works on each page load, am I understanding correctly?

Definitely, I dig using webhooks in JS frameworks, but I’ve never attempted it with Wordpress.

Correct.

Generate a token once, store it somewhere, use it till that token expires.

No need to make two HTTP requests every page load when you only need to do one

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.