Making Requests Without OAuth

I’m trying to get a users follower count, this is public information so I don’t see the user needing to login to their Twitch account or anything like that. The code I’m currently using is as follows:

url = ‘{self.username}’.format(self=UserAccount)
headers ={‘Client-ID’: ‘#CLIENT ID HERE#’}
requests.get(url=url, headers=headers)

I am replacing #CLIENT ID HERE# with my application Client ID.

The result I get from this is

b’{“error”:“Unauthorized”,“status”:401,“message”:“OAuth token is missing”}’

How do I get an OAuth token as I don’t think the user will want to verify an account for just getting ‘public’ information?

You will want an app access token, being handled in the background, inaccessible to the users.

Hi Matt,

Thanks for the quick reply. I’ve tried the links above however when I make my requests I get webpages back instead of the auth token? I’m using http://localhost as my redirect if that has any impact?

url = ‘
header = {
‘Client-ID’: TwitchService.clientID,
‘redirect_uri’: ‘http://localhost’,
‘response_type’: ‘token’,
‘scope’: ‘’
requests.get(url=url, headers=header)


You’re getting a web page because you need to actually send the user you need an OAuth token from to that URL. Once their on Twitch they’ll see a confirmation box asking if they wish to grant your app whichever scopes you’ve requested, and then they’ll get redirected to your redirect URL.

Alternatively if you don’t require any user scopes, and are doing this on your server, you can use the Client Credentials flow to generate an App Access Token, which doesn’t require user interaction.

Fantastic! Thank you so much for pointing me towards the Client Credentials flow, I think this is exactly what I was looking for. The next issue I’m getting is that I’m getting an Error 400 when using the following code:

url = ‘
header = {
'client_id ': TwitchService.clientID,
‘client_secret’: TwitchService.clientSecret,
‘grant_type’: ‘client_credentials’,
‘scope’: ‘viewing_activity_read’
response =, headers=header)

As far as I can see I’m mimicking the request that is being shown on the website using the same URL and names for fields, sorry if I’ve missed something obvious with this and thanks for the help so far.

I’m referencing the guide here:

That should be a URL and parameters, not headers.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.