[SOLVED] API 401 unauthorized

I keep getting an unauthorized error with simple requests on postman.
It worked fine two months ago but it suddenly doesn’t work anymore.

This is what I have for the request and the access token is the client secret for the application.
I have no idea what’s wrong about this request.

Show us your headers. The Client-ID or Authoization header is likely missing or expired.


the blue marked off part is the client secret.
I thought the client-id cannot expire?

When you get a 401, the body returns a error message.

Check that for the reason


This is what I get and I don’t get why I get it when everything seems right to me

Client ID does not expire but your OAuth token will which is likely the cause of the issue. Try requesting a new one and running it again.

It won’t let me get a new token.
Here’s the token credentials:

and here’s the response I get from requesting a new token:
image

Is the access token url the issue? I testing this locally so I feel shouldn’t be an issue but idk.

Yes, the URL is the issue. You’re trying to send a request to yourself lol. To get a an OAuth token from Twitch, you should be sending a POST request to https://id.twitch.tv/oauth2/token with all the required data, as specified in the docs https://dev.twitch.tv/docs/authentication/getting-tokens-oauth/#oauth-client-credentials-flow

1 Like

Nooby mistake lol. Been fumbling around API by myself without too much guidance so I appreciate the help everyone’s been giving. :slight_smile:

When sending client I’d in your headers, it needs to be Client-ID not client_id… You only use the snake case when sending it as a query string param…

EDIT: I may be wrong, but it looks like you’re sending it in both the headers and in the query string… I believe that it looks at headers before query string, but Twitch staff would have to confirm or deny that

I fixed the issue. The issue was that postman works in a weird way so I had to request an access token with a POST request like Dist said as opposed to using postman’s system of requesting an access token.
I appreciate the help nonetheless :slight_smile:

Your client Id header is still wrong tho.

@Ague is right. it has to be Client-ID.

The only reason it works here is bcs your access token is actually valid now. If you provide a valid access token the api infers the client id from the access token.

You maybe want to keep this in mind if you ever do requests without an access token

That header was automatic by postman. I did not manually put that in but thank you I’ll keep that in mind

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.