1

I'm trying to list active Twitch streams from a Game ID.

My code goes as follows:

$ch = curl_init();
$URL = 'https://api.twitch.tv/helix/streams?game_id=3412';
$X = [
    'Authorization: Bearer {Client Secret}',
    'Client-ID: {Client ID}',
];
curl_setopt($ch, CURLOPT_URL, $URL);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');
curl_setopt($ch, CURLOPT_HTTPHEADER, $X);

$result = curl_exec($ch);

The result should be streams for Grand Theft Auto III, however the response I get is this:

object(stdClass)[121]
  public 'error' => string 'Unauthorized' (length=12)
  public 'status' => int 401
  public 'message' => string 'Invalid OAuth token' (length=19)

I've generated a new secret and verified my Client ID was correct. I've been following this documentation: https://dev.twitch.tv/docs/api/reference#get-streams

Scratching my head over here, I've done this before on the old API. I've found various people with the same problem, but not able to replicate any of their solutions. Anyone have any idea? Thanks.

Jake
  • 1,469
  • 4
  • 19
  • 40
  • I believe the KEY in Authorization is not same as KEY in Client-ID – codeomnitrix Oct 13 '20 at 03:02
  • @codeomnitrix Sorry for the confusion, I am sending my Client ID and the Client Secret separately, my original post made that confusing and I am updating it. – Jake Oct 13 '20 at 03:05
  • Everything looks fine. You just need to triple-check that you're setting the right values for the bearer token and client ID. Make sure you haven't accidentally copied any whitespace characters or anything like that. – Phil Oct 13 '20 at 03:09
  • @Phil I've checked and ran it through a console just to be sure something isn't being fudged by PHP. I've also tried several examples they've listed, using my own tokens and nothing seems to work. Run out of ideas. – Jake Oct 13 '20 at 03:13
  • Have you tried your tokens using `curl` or Postman? – Phil Oct 13 '20 at 03:16
  • @Phil Both actually. I get the same response in both cases. – Jake Oct 13 '20 at 03:19
  • Then it's nothing to do with your code. The tokens you're using are just not correct. There's nothing anyone here can help you with (unless you want to share your actual tokens). Can you open a support issue with the API provider? – Phil Oct 13 '20 at 03:21
  • @Phil Afraid you'd say that. I'll have to contact them. I've tried making a new application and nothing is working. Will report an update if they have anything to say on it. – Jake Oct 13 '20 at 03:22

1 Answers1

1

You need to get an authorization token, which is separate from the client secret, for use in the Authorization header. Client credentials flow is the easiest of the three supported and fitting for backend API calls that aren't done on behalf of any particular user.

3ventic
  • 1,023
  • 1
  • 20
  • 32