New API returns 400 when fetching user information via Bearer token

I’ve been able to allow users to authorize my application on the frontend. I am also able to generate an access token for a given user. However, when I try to fetch the information for the current user (as described here), the API returns a 400 with the message “Must provide an ID, Login or OAuth Token”.

I’m aware of the change from Authorization: OAuth ... to Authorization: Bearer ..., and as such my headers look like this:

Client-ID: <Application Client ID>
Authorization: Bearer <user access token>

Using these headers and a GET request to, I am returned the 400 error described above.

I’m using the scope user:read:email.

I’m fetching the access tokens via I didn’t see any documentation for a newer helix token endpoint, but I thought I’d mention this.

For additional information, here’s the exact code I’m using (Ruby)

  def get_data
    # The request URL is empty in the post as published.
    response = HTTParty.get('', headers: {
      'Client-ID' => @client_id,
      'Authorization' => "Bearer #{@access_token}" # @access_token and @client_id are confirmed to have the correct data
    })
  end


Thank you!

Are you sure that the access token you’re providing is valid? You’ll get 400 if it’s invalid.

Kraken and Helix do use the same types of tokens, however the scopes are non-transferable. Make sure that you actually requested user:read:email and not a Kraken scope.

Honestly, I’m not sure how to tell. I’m getting the access token by POSTing my client_id, client_secret, grant_type (client_credentials), and scope (user:read:email) to

Twitch responds with something like this:

  "access_token": "0og<redacted>p16",

Finally, I take the given access_token and pass it on to the function described above. Does that sound correct? And my Client-ID header should be correct, since it’s the same ID that I pass to get my token.

Thanks for the info! I’ve made sure that all scopes used are the new helix scopes.

Ah, that would be it. Since you are making a request on behalf of a user, you have to provide a user access token. Right now the only endpoint that accepts an access token is the /entitlements/upload endpoint.
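Added example (not part of the original thread and not Twitch's code): a Ruby check that tells an app access token, which is what the client_credentials grant returns, from a user access token before a current-user request is made. The field names (`client_id`, `login`, `user_id`, `scopes`, `expires_in`) are assumed from Twitch's token validation response, and the sample values are constructed.

```ruby
require 'json'

# Constructed sample validation responses (assumed shape, not real tokens or IDs).
APP_TOKEN_INFO = JSON.parse(
  '{"client_id":"exampleclientid","scopes":[],"expires_in":5000000}'
)
USER_TOKEN_INFO = JSON.parse(
  '{"client_id":"exampleclientid","login":"example_user","user_id":"12345",' \
  '"scopes":["user:read:email"],"expires_in":14000}'
)

# A token from the client_credentials grant identifies only the application,
# so its validation response carries no user_id.
def token_kind(info)
  info['user_id'].to_s.empty? ? :app : :user
end

# Returns the reasons this token cannot back a "current user" request.
# An empty list means the token is suitable.
def current_user_problems(info, client_id:, required_scope:)
  problems = []
  unless info['client_id'] == client_id
    problems << 'token was issued to a different client ID'
  end
  if token_kind(info) == :app
    problems << 'app access token: no user attached, so there is no current user'
  end
  unless Array(info['scopes']).include?(required_scope)
    problems << "missing scope #{required_scope}"
  end
  problems << 'token has expired' unless info['expires_in'].to_i.positive?
  problems
end

if __FILE__ == $PROGRAM_NAME
  { 'app token' => APP_TOKEN_INFO, 'user token' => USER_TOKEN_INFO }.each do |name, info|
    problems = current_user_problems(info, client_id: 'exampleclientid',
                                           required_scope: 'user:read:email')
    puts "#{name}: #{problems.empty? ? 'ok' : problems.join('; ')}"
  end
end
```

Running the same check on the server before each user-scoped call turns an opaque 400 into a specific reason.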


That’s the ticket! Thank you very much!

I really should’ve RTFM more thoroughly. Thanks @Six and @modesttim!

