Incorrect user authorization on Create Follows

We are getting the following answer:

{“error”:“Unauthorized”,“status”:401,“message”:“incorrect user authorization”}

The user scopes are:


The body sent is:


What are we missing?

1 Like

I’m assume you are calling the Helix endpoint

you seem to have called the correct scope of user:edit:follows but the error suggests you might have made an App Access Token

instead of user token

Or you have a token for 544955164 instead of a token for 534869164

If you call the validate endpoint with your token?

Do you get a user_id in the response in this case 534869164?

I think I should have explained the situation…

We have an in-game integration with a chatbot. However, we found out that on channels limited to followers, the chatbot is unable to post message.

Do I understand the bearer should be the chatbot itself?

Or is there a simplier solution for having a non-follower chatbot?

  1. ask the streamer to VIP or Mod the bot
  2. generate a user token with the follows scope and make the bot follow the streamer(s)

Yes. The bearer for follows needs to be the bearer for the person whom will follow the target. So the bearer needs to belong to “from_id”

In your example above.

you tried to make

534869164 AKA iridnovo follow 544955164 aka hellpoint

You need to do this using a token that belongs to 534869164

From the descriptions this appears to be the correct direction. So the error suggests theres something wrong with your token as in it’s of the wrong type.

The validate endpoint will confirm the scopes and if it’s of type “user”

Yes, it’s “hellpoint” token, or the player’s token.

I’ll try to figure out how to get the chatbot’s token.

It’s exactly the same you just need to be logged in Twitch as the bot instead of hellpoint.

As your bot token is for completely the wrong user :smiley: if you bot will always be called iridnovo

To be honest, I’m a bit stunned on how I’m supposed to retrieved a token from a backend.
So far, it was done by having the game pop a webbrowser to login in Twitch.

And yes, the bot will always be Irid Novo. It’s the name of the space station in the game.

Game Developers do it in a few ways.

  • in game via the oAuth flow (usually implicit)
  • or the game links to your backend and the streamers can link their account via your website, and the game just loads up that association. (borderlands does this, you login to shift in game, and on the shift website outside of the game you link shift to twitch for example)
  • Or they might just need the broadcasters channel name, so you could just use a blank text field and ask the streamer for their name, then you don’t need oAuth at all.

Sorry, I’m not talking about the streamer. That’s fine, it works. I get the token of the streamers easily using the method of linking to a website after login in Twitch and accepting the scopes.

I’m talking about the chatbot. How do I get a token for the chatbot without having to manually login everytime I need the bot to be up and running?

You do the oAuth flow once

This gives you a user token and a refresh token

Store both, then use the refresh token to get a new token when that first token expires.
The token is only checked for validity when the bot logs into chat.


  • bot service boots,
  • uses the refresh token to get a new token
  • store the new refresh token if one is returned
  • logs into chat using that token

So you use the refresh token to get a new token when the bot connects to chat. (since a normal user token only last four hours)

The bot would run on your server, the game will talk to the server, and tell the server to tell the bot to send a message.
The game wouldn’t login to chat itself.

Backend storing token and refreshing and handling all that… Good thing I was already doing that for streamers with a SQL database. Created a “fake” user that get logged in anytime a real player does.

Thanks, it appears to work.

You created a “App Access Token”

Instead of a user token. So you don’t have permission to edit 534869164 followings as you didn’t authenticate as 534869164

You need to created a User Token

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.