Helix searching user by username returns 401 error

Code that causes the issue

    link = 'https://api.twitch.tv/helix/users?login=thekill_996'
    accept = 'application/vnd.twitchtv.v5+json'
    client_id = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
    async with aiohttp.ClientSession() as session:
        async with session.get(link, headers={'Client-ID': client_id, 'Accept': accept}) as r:


<ClientResponse(https://api.twitch.tv/helix/users?login=thekill_996) [401 Unauthorized]>
<CIMultiDictProxy('Connection': 'keep-alive', 'Content-Length': '72', 'Access-Control-Allow-Origin': '*', 'Cache-Control': 'no-cache, no-store, must-revalidate, private', 'Content-Type': 'application/json; charset=utf-8', 'Expires': '0', 'Pragma': 'no-cache', 'Server': 'envoy', 'timing-allow-origin': 'https://www.twitch.tv', 'twitch-trace-id': 'bdb3f5f7e9c1adbc66048e21e85ecf3c', 'x-ctxlog-logid': '1-5ebb1757-6fc2d4e727f2d1c289b266d3', 'Date': 'Tue, 12 May 2020 21:38:31 GMT', 'X-Served-By': 'cache-sea4438-SEA, cache-fra19126-FRA', 'X-Cache': 'MISS, MISS', 'X-Cache-Hits': '0, 0', 'X-Timer': 'S1589319511.178822,VS0,VS0,VE152', 'Vary': 'Accept-Encoding', 'Strict-Transport-Security': 'max-age=300')>

You’re not sending an Authorization header with an OAuth token, as specified by the new requirements announced months ago that recently went live.

Also, unrelated to the issue, you’re sending the Accept: application/vnd.twitchtv.v5+json header, which is completely pointless as that’s only for Kraken, and doesn’t do anything on Helix.

So from now on every time I’d like to do a request to Twitch API, I’ll need first to ask for a new token?
How can I do that?

Btw thanks for the help

You don’t need a new token for each request you make, you can use the same token as many times as you like until it expires.

Documentation for getting an OAuth token is explained here: https://dev.twitch.tv/docs/authentication

if the token has expired, what will return a call to Twitch API?
So I can handle the error and ask for a new one…

it’s been half an hour and I can’t understand anything on this new Authentication thing

a HTTP 401 like what you got from specifying no token at all.

First you need to determine if you need a token that represents a user, or just a server ot server token that lets you fetch public data, give you are calling a user by login you probably need an app access token, that is documented here

Make a POST request, get a token, back maintain that token (it expires every 60 days or so), use that token with your requests to the Twitch API

Don’t need this header with Helix

The requestes I use to do to Twitch API are

Perfect I’ll handle them requesting a new token

Gotcha, thanks

I’ve also discovered that I need a client_secret where should i pick it? Never used before…

On your Developer console over at Twitch Developers

So this endpoint no longer works without OAth? When was this change made? It used to only require a client id. Why does it now require OAth? That makes it pretty annoying for application developers to use this endpoint…

The change was permanent on the 11th

All helix endpoints now require an oAuth token to be present

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.