Get Moderators 401 Error

Hello everyone,

I’ve been trying to learn through the Twitch API docs the last few days, and I’ve hit a point where I’m struggling to retrieve a list of moderators. I’m getting a 401 / Unauthorized error, with an invalid oauth token error… I’ve tried both of the user access tokens, but I did notice on the docs it mentions:
" broadcaster_id must match the user_id in the auth token. 1"

So does this mean that this GET request is limited to the broadcaster themselves, or is there a way to GET the broadcaster ID? If I wanted to get a list of Shroud’s mods… I wouldn’t have to have some sort of access ID from him would I?

Just to add, I have my Client-ID and Authorization headers, and I’ve been using postman to learn.

If you wanted to get a list of Shourd’s mods, you would need Shroud to go through your apps OAuth flow, with the moderation:read scope, to grant you an access token that you can use to get the list of mods for his channel.

It’s the same for endpoints such as Get Broadcaster Subscriptions, you need the broadcaster themselves to grant you access to that data, you can’t use a token from your channel to access someone elses data that’s behind a scope.

1 Like

Ah okay, so if I wanted to have a web app that had access to that sort of thing, I could create a form where they put their ID and I do the rest in the script?

I guess I could just make some mods and my own channel and then try it that way. How long does the access token last?

Access Token duration is returned when you generate the token.

And can be fetched from the validate endpoint

So I set up a new twitch account to try and do this request on my own moderators, and I’m still receiving:

"error": "Unauthorized",
"status": 401,
"message": "Insufficient authorization in token"

I logged into my account, registered a new app, and sent this to get my Oauth token (I tried both implicit, and authorizatoin code flows), the request I sent was:

https://id.twitch.tv/oauth2/authorize?client_id=rf1123pvpvqytve34c1qn67bij9u&redirect_uri=http://localhost&response_type=token&scope=moderation:read.

That’s not the actual client ID, but with this I received my token, and then sent my get moderators request like so:

Again the client ID and authorization are not the actual ones. If there’s anything I’m missing or more information please let me know, I really appreciate the active people on the twitch dev forums, there’s so much info and so much to learn!

client ID’s are public, there is no need to redact your clientID.

Did the oAuth prompt state that you were asking for the moderator read scope?

Here you seem not have URL encoded the redirect_uri and might have got an unexpected result

You can call Authentication | Twitch Developers to check if the token has the needed scopes, is of type user, and has the user_id 454325344

Your postman call looks to have a bunch of extra headers, including cookies.

If that cookie is a Twitch cookie that might be interferring with the request. You are sending way more headers than is normal for an API call. Unlikely to be a problem but worth it to rule out.

Ah, thanks for showing me the validation request, I checked that out and realized my broadcaster ID was the same as the copy/pasted example!

I’m not sure what you mean by:

Here you seem not have URL encoded the redirect_uri and might have got an unexpected result

Is there something wrong with

redirect_uri=http://localhost

I just followed the docs and aren’t quite sure what url encoding is.

Thanks again, happy to make some progress today.

Without URLEncoding you could end up with a link as follows

https://id.twitch.tv/oauth2/authorize?client_id=rf1123pvpvqytve34c1qn67bij9u&redirect_uri=http://localhost&response_type=token&scope=moderation:read

Which says

item value
client_id rf1123pvpvqytve34c1qn67bij9u
redirect_uri http://localhost&response_type=token&scope=moderation:read
response_type none parsed
scope none parsed

Which would make an invalid link. and thus something else to check when having auth issues such as this

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.