I am trying to use the new Channel Points API to create a redemption programmatically when I trigger an event. I am using a JS library called Axios to send HTTP requests. I am unsure if I am getting the correct access_token from the first post causing the error shown below.

axios.post(https://id.twitch.tv/oauth2/authorize?response_type=code&client_id=${client_id}&redirect_uri=${redirectURL}&scope=channel:manage:redemptions)
.then(response => {
// console.log(response.data.access_token)
axios.post(‘https://api.twitch.tv/helix/channel_points/custom_rewards?broadcaster_id={my_ID}’, {
headers: {
“Client-ID”: client_id,
“Authorization”: "Bearer " + response.data.access_token
},
}, {
“title”: “game analysis 1v1”,
“cost”: 50000
}).then(function (response) {
console.log(response.data);
}).catch(function (error) {
console.log(error);
});
}).catch(function (error) {
console.log(error);
})

This is the error I am getting from this request
{ status: 401, message: ‘invalid csrf token’ }

Your OAuth process is incorrect, and not as documented https://dev.twitch.tv/docs/authentication/getting-tokens-oauth#oauth-authorization-code-flow

If you’re using the Auth Code flow, step 1 is to send the user whose channel you wish to get permissions for to the OAuth link. You don’t make an axios request, you need to send the user to that actual URL.

If the user accepts, they’ll be redirected to your redirect URI, at which point your server can exchange the code for an access token as documented.

Once your server has exchanged the code for an access token and refresh token, then you can make API requests.

Do I have to do this everytime I want to make a request? Or can I reuse the token for an infinite amount of time?

You can use an access token until it expires. With the Auth Code flow, you’ll also get given a refresh token along with the access token so you can programmatically get a new set of tokens when needed without the user needing to go through the process again https://dev.twitch.tv/docs/authentication#refreshing-access-tokens

Do you know of any examples or 3rd party websites that get the access code and refresh code?

I don’t have any examples to hand, as the docs themselves are pretty self-explanatory.

1. Send user to Twitch to request permission from them
2. The user is sent back to your server with a code in the querystring if they accept
3. your server exchanges the code for access and refresh tokens.

For specifics on how you create a web server to handle steps 2 and 3 there are plenty of tutorials on Google, or YouTube, for most programming languages that can host web servers and make HTTP requests.

I did everything you said and got it to work. My issue now is when trying to create a channel redemption I am getting the error shown below.

I used the “OAuth authorization code flow” to get the access token.

axios.post('https://api.twitch.tv/helix/channel_points/custom_rewards?broadcaster_id={Channel_id}', {
                    headers: {
                        "Client-ID": client_id,
                        "Authorization": "Bearer " + access_token
                    },
                }, {
                    "title": "game analysis 1v1",
                    "cost": 50000
                }).then(function (response) {
                    console.log(response.data);
                }).catch(function (error) {
                    console.log(error);
                })

Error:

data: {
error: ‘Unauthorized’,
status: 401,
message: ‘OAuth token is missing’
}

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.