Valid OAuth token with bits:read scope required

I want to get it through the new API for Bits Leaderboard, and it needs "Authentication Required scope: bits:read".
I tried to do:

curl -X POST "https://id.twitch.tv/oauth2/token?client_id=a5l705mhq23b6qgshw7tehhmrpekx4&client_secret=4vqpm1ah0ohqwvrhot6pg8zeozd4l7&grant_type=client_credentials&scope=bits:read"

{"access_token":"ve282j73b2hd6fmnfkr2re2t3nztta","expires_in":5146367,"scope":["bits:read"],"token_type":"bearer"}

curl -H "Authorization: OAuth ve282j73b2hd6fmnfkr2re2t3nztta" https://id.twitch.tv/oauth2/validate

{"client_id":"a5l705mhq23b6qgshw7tehhmrpekx4","scopes":["bits:read"]}

It tells me the access token is OK, but:

curl -H "Authorization: Bearer ve282j73b2hd6fmnfkr2re2t3nztta" -X GET "https://api.twitch.tv/helix/bits/leaderboard?count=2&period=week"

{"error":"Unauthorized","status":401,"message":"Valid OAuth token with bits:read scope required"}

I do not know why. Thanks for any answer.

Never ever post your Bearer token publicly. Please revoke this key immediately.

You requested client_credentials, which as per the docs

Is an authorisation for your Application/Server/ClientID/Not a Person

As mentioned earlier, app access tokens are only for server-to-server API requests. The grant request below requires the client secret to acquire an app access token; this also should be done only as a server-to-server request, never in client code.

To follow up:

Authenticate your app and allow it to access resources that it owns. Since app access tokens are not associated with a user, they cannot be used with endpoints that require user authentication.

You requested an oAuth for your “application” and your “application” doesn’t have a bits program.

You need to do, OAuth Authorization Code Flow:

To get a User Authorization

Thank you, but I have a new problem. When I do:
curl -X GET "https://id.twitch.tv/oauth2/authorize?response_type=code&client_id=ckuuado6ptj1vkb1t3fc1e6rhn4sji&redirect_uri=http://localhost&scope=bits:read"

It reminds me that “oauth_request=false” and no return code.
Found.

You need to redirect the User to this URL in order to authenticate.
You should not perform a cURL fetch upon it.

Thanks. I don’t know what “users” means; is it the person who I want to collect information from? I just want to collect information about score and broadcasters from the New Twitch API. It requires “Authentication Required scope: bits:read”. So I do not know why I should redirect users to the URL. And the docs’ example used curl.

In order to get information about the streamer cohhcarnage, cohhcarnage needs to have authenticated. If you authenticate as yourself, you cannot get cohhcarnage’s bits leaderboard.

You need to perform an OAuth dance with the person you wish to obtain the bits leaderboard for. So you give that person/streamer your webpage, and then they go off and authenticate, and then you have an access token to use.
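
The flow described in the replies above, as an added example that is not part of the original thread: build the authorize URL the streamer's browser is sent to, check the redirect that comes back, and tell an app access token from a user access token by its /oauth2/validate response. The function names, the `state` handling and the sample values are assumptions made for illustration; the identifiers are constructed placeholders.

```python
import json
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORIZE_URL = "https://id.twitch.tv/oauth2/authorize"  # endpoint from the thread

def build_authorize_url(client_id, redirect_uri, scopes):
    """Return (url, state). Redirect the streamer's browser to url; keep state in their session."""
    state = secrets.token_urlsafe(16)  # anti-CSRF value, checked on the callback
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state

def code_from_callback(callback_url, expected_state):
    """Extract the authorization code from the redirect, rejecting a wrong state."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError("authorization denied: " + params["error"][0])
    returned = params.get("state", [""])[0]
    if not secrets.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"][0]

def token_kind(validate_body, needed_scope="bits:read"):
    """Classify the JSON body returned by /oauth2/validate."""
    info = json.loads(validate_body)
    if needed_scope not in (info.get("scopes") or []):
        return "missing-scope"
    # App access tokens carry no user identity; user tokens include user_id.
    return "user-token" if info.get("user_id") else "app-token"

# Constructed sample responses (placeholder identifiers, not real credentials).
APP_SAMPLE = '{"client_id":"EXAMPLE_CLIENT_ID","scopes":["bits:read"]}'
USER_SAMPLE = ('{"client_id":"EXAMPLE_CLIENT_ID","login":"examplestreamer",'
               '"scopes":["bits:read"],"user_id":"12345"}')

if __name__ == "__main__":
    url, state = build_authorize_url("EXAMPLE_CLIENT_ID", "http://localhost", ["bits:read"])
    print(url)
    print(token_kind(APP_SAMPLE), token_kind(USER_SAMPLE))
```

The validate response in the first post has the shape of `APP_SAMPLE`: the scope is listed but there is no `user_id`, so the token passes validation and is still rejected by the leaderboard endpoint.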
