PubSUB gone wrong


Dear all,
I’ve been following the
example, managed to setup the Dev Rig, generate the Client ID, ownerId and secret
EXT_CLIENT_ID: ej8Iwp02QO0sOlswrIO5sDrC5Khr6U
EXT_SECRET: kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
EXT_OWNER_ID: 402464751

  • wire the backend with correct JWT schema.

Now I am stuck at the sendColorBroadcast function
which POSTs to${channelId}
My problem is that I face
{“error”:“Bad Request”,“status”:400,“message”:“Invalid client id specified”}
response everytime I make a call:

let testCast = () => {
  const headers = {
    'Client-Id': "ej8Iwp02QO0sOlswrIO5sDrC5Khr6U",
    'Content-Type': 'application/json',
    'Authorization': bearerPrefix + addJWT()

const body = JSON.stringify({
  content_type: 'application/json',
  message: JSON.stringify({"test": "set"}),
  targets: [ 'broadcast' ]

const result = request(
      method: 'POST',
  , (err, res) => {
      if (err) {
          console.log('Message send error', channelId);
      } else {


let addJWT = () => {
  const payload = {
    exp: Math.floor( / 1000) + 50000,
    user_id: "402464751", // extension owner ID for the call to Twitch PubSub
    role: 'external',
    channel_id: "265737932",
    pubsub_perms: {
        send: [ "broadcast" ],
  const key = "kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk";
  const secret = Buffer.from(key, 'base64');
  return jsonwebtoken.sign(payload, secret, { algorithm: 'HS256' });

I checked the ClientId, it matches the Dev Rig. Hardcoded Client-ID it into the header data, generated new project with new credentials, but still am getting this error.
I am at a loss . Do I need to login auth my Client-ID ?
or do I need to generate credentials via (bypassing Dev Rig) to make the valid?

Any help greatly appreciated,


Some things to check:

Make sure there is a space between bearerPrefix and addJWT().

Your leeway of 50000 is rather large. It’s recommended to not be more than a few minutes.


‘Authorization’: 'Bearer ’ + addJWT()

Looks to be the only issue, and you are getting a slightly confusing error response. As it’s parsing the Bearer/JWT and determining the ClientID from that. You should probably add an Accept header also

NodeJS Sample:

    var payload = JSON.stringify({foo: 'bar'});{
            url: '' + config.twitch.streamer_id,
            headers: {
                'Accept': 'application/vnd.twitchtv.v5+json',
                'Authorization': 'Bearer ' + sig,
                'Client-ID': client_id,
                'Content-Type': 'application/json'
            body: JSON.stringify({
                message: payload,
                content_type: 'application/json',
                targets: ['broadcast']
            gzip: true
        }, function(e, r, b) {


It’s unclear, since the OP didn’t provide the definition to bearerPrefix. That is, it could be correct.

Moreover, large leeways or varying leeways can cause issues, so that is a possibility as well to check.


Perhaps, but the error did not specify the JWT or the time was invalid.
It reported that:


@dash and @BarryCarlyon
Thank you for taking your time to review and comment on my thread.
Did as you suggested, however the issue resolved itself when I decided to register mock up extension at dev.twitch portal (ht to @BarryCarlyon for zeroing on Auth header) rather than using the DevRig generated one.
PubSub was more than happy to accept the former.

Once again thank you for your time and Happy New Year,


Yeah any key in the dev rig is legacy mock/test stuff for the old local mode. It works better with “live”/real keys