Can't read channel bans with moderation:read permission

Pretty much as the title says, from my application I can’t read channel bans even if the access token has the moderation:read scope granted. Whenever I try to do a request to this endpoint<channel_id>&user_id=<user_id>

where channel_id is the ID of the broadcaster channel and user_id is the ID of the user I want to check if is banned. In the header I’m passing the application Client ID, the application/vnd.twitchtv.v5+json Accept header and the access token of the broadcaster with the moderation:read scope granted with OAuth. Is something missing from the request or is something going on? Because it worked until today with no problem. It also refreshed the token several times before today, so I don’t know if it could be related to the refresh token endpoint not returning a correct token

You don’t need this header with Helix

You should use the validatity endpoint

To confirm your token is correct, for the right user_id (broadcaster_id) and has the scopes you think it does.

Whats the actual error message are you getting?

Similar code flow is working as expected here!

From the validate endpoint I get this response

    "client_id": "my-application-client-id",
    "login": "channel-name",
    "scopes": [
    "user_id": "channel-user-id",
    "expires_in": 9710

Of course I’ve changed the details about the various IDs, but as you can see the scope is right. However from the above endpoint I get this

    "error": "Unauthorized",
    "status": 401,
    "message": "Missing scope: moderation:read"

The authorization token used in both cases is, of course, the same

Very odd, looks like you have a correct token (user token not app access), but the API rejects it.

You sure your code doing the call to the ban’s API is using the right token in case you have multiple in play?

Aside from that it’s a really odd issue. Try running the call manually cURL on the command line, to check if it’s the token or your code.

I’m actually trying the calls from postman. However I tried using curl and I get the same 401 error

Helix uses "Bearer " not "OAuth " in the header.

There is your issue

Authorization: Bearer YOURKEY


OAuth is OAuth

The prefix is irrelevant.

It’s still an OAuth key, but helix requires the prefix to be “bearer”

You’ve misunderstood the announcement.

It’s even in the example in that very post

Soon all calls to Helix will require the use of an OAuth token, Helix uses the word “Bearer” as the OAuth prefix

1 Like

Yep, look like I totally did :sweat_smile: Still strange because it used the OAuth prefix until today and has no issues :man_shrugging:

Then that shouldn’t of worked at all.

Helix has already required Bearer, and if Twitch snuck in a bug, they have now fixed that bug

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.