Can i use App Token with no scope on client side

Hello, with recent change on API Helix : Auth require everywhere. i cant get stream data on client side (JS) for a website.

Can i generate on server side (with secret) a App Client Token and expose it to my JS if it dont have any scope ?

No, an app access token, like any other kind of token, is technically a password, and should be treated as such.

The app access token, does not below to the user using your website, so the user should not be given that “password”

1 Like

So, with last API change, we cant do any request issue from web app ?
I only need “public” data, i must proxy all my query with a backend ?

Yup, or have the user login

It make no sense to require login with twitch account on my website.

So, I will proxy each request,

Opinion: auth requirement everywhere sucks. many system allow client side requesting, twitch has destroy some usecases with that

Perhaps, but if you server can cache the results from some API calls, or even utilise webhooks instead, then your website can run more quikcly

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.