Proper authentication method for a server application that runs as my own Twitch account?

Hi folks,

I’m looking over the various authentication options for the API. I’m writing a server application that I just want to run and have it go out and fetch some API data about my own Twitch account. My application does not ever need to allow other users authenticate via it, etc, as run-time.

Which authentication method is most appropriate?

I see OAuth, which seems more for an application in which multiple twitch users could authenticate and use my app? That’s not going to be my use-case. Should I still be going with that OAuth approach? Ideally, I’d not have to open a browser and authenticate as part of my run-time flow.

I also see that registering an app required the callback URL. Ideally my application wouldn’t need to expose an HTTP endpoint and sit and listen. I just need it to fetch some data. Is this the only way?

Is there not just a simple API token that every twitch account has that gives me access to the API through my own personal account?

Thanks!

EDIT: Nevermind. I would delete this if I could. I think I’ve figure out how to do what I was thinking. There is the final approach where you can just get an access token using your app access tokens.

1 Like

Nope

Pretty much

That would be easiest.

You’d only have to authenticate once, and then make sure to refresh the token when it expires as per normal oAuth work flows.

Twitch offers a few options, but plain normal oAuth is the easiest.

What did you go for in the end, so others who find this thread have an answer?

Barry,

I ended up using the app token workflow, as linked to below. It doesn’t involve the traditional, two step authorization workflow of OAuth that you see on websites, etc. It’s definitely targeted at applications that just need an access token for themselves and will never need to work on behalf of many users.

1 Like

App access token authenticates the application. It does not let you access user auth-gated resources, even from the user whose application it is.

@3ventic

Let me just ask this, then. I just want my application to run once and in that run fetch the most recent follower name and the total count of followers.

Which auth approach is ideal for that type of application? The “OAuth Implicit Code Flow” looks pretty straight forward for my needs. Is there a reason why I should use the other approach, the “OAuth Authorization Code Flow”?

For just one user and always the same user?

No auth needed at all

GET https://api.twitch.tv/helix/users/follows?to_id=[userID]

You don’t need any OAuth token for that. The follows endpoint doesn’t require authentication or additional scope. The only advantage to using an OAuth token instead of just a client id for your use case would be to have a higher query limit in Helix, but if you don’t need that increased limit you could just stick to using your client id and skipping authentication entirely.

@ryancole this ^, but app access token can give you better rate limiting, if that’s a concern for you, so app access token would work for you here.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.