I’m looking over the various authentication options for the API. I’m writing a server application that I just want to run and have it go out and fetch some API data about my own Twitch account. My application does not ever need to allow other users authenticate via it, etc, as run-time.
Which authentication method is most appropriate?
I see OAuth, which seems more for an application in which multiple twitch users could authenticate and use my app? That’s not going to be my use-case. Should I still be going with that OAuth approach? Ideally, I’d not have to open a browser and authenticate as part of my run-time flow.
I also see that registering an app required the callback URL. Ideally my application wouldn’t need to expose an HTTP endpoint and sit and listen. I just need it to fetch some data. Is this the only way?
Is there not just a simple API token that every twitch account has that gives me access to the API through my own personal account?
Thanks!
EDIT: Nevermind. I would delete this if I could. I think I’ve figure out how to do what I was thinking. There is the final approach where you can just get an access token using your app access tokens.
I ended up using the app token workflow, as linked to below. It doesn’t involve the traditional, two step authorization workflow of OAuth that you see on websites, etc. It’s definitely targeted at applications that just need an access token for themselves and will never need to work on behalf of many users.
Let me just ask this, then. I just want my application to run once and in that run fetch the most recent follower name and the total count of followers.
Which auth approach is ideal for that type of application? The “OAuth Implicit Code Flow” looks pretty straight forward for my needs. Is there a reason why I should use the other approach, the “OAuth Authorization Code Flow”?
You don’t need any OAuth token for that. The follows endpoint doesn’t require authentication or additional scope. The only advantage to using an OAuth token instead of just a client id for your use case would be to have a higher query limit in Helix, but if you don’t need that increased limit you could just stick to using your client id and skipping authentication entirely.