Beginner web developer here, currently working on a video overlay extension that works with the twitch API.
- User will hit an upload button on the overlay to send a token and a payload to EBS.
- EBS will decode and verify token
- Upon success, EBS will make an API call with the user_id from the decoded token to get the display_name
- EBS does stuff with payload and display_name
My questions is on step 3. Currently, I can only do 30 API calls per minute.
I am trying to make the call with a bearer token to increase the limit to 120, but am not exactly sure how the token fits into it.
Where does the token come from?
Do I use the token sent from the extension?
Do I generate the token on the server based off the API secret generated the on twitch api dashboard?
If I have the server generate the token, what is the format of the payload?
I’ve tired the above, but the API calls are all still hitting the 30 limit.
Thanks for any help!
For this use case the bearer token would be obtained by completing the " OAuth Client Credentials Flow" as documented here: https://dev.twitch.tv/docs/authentication/getting-tokens-oauth/#oauth-client-credentials-flow
You need a “App access token” as described here
Such a token can be generated server side with no user interaction
Thanks for the help folks!
I’ve successfully generated a token via this workflow and have upped the API limit to 120 per minute.
I actually just manually ran a curl request and tossed the token into environment variables on the webserver(node). I see it expires in ~57 days.
I am relatively new to API use. Would I have the server periodically generate a new token every once in a while? Could you share any info or recommend any resources on best practices in this regard (token management)?
Just standard security stuff, treat your AppToken, just like your AppSecret, as a Password and secure it as such.
Great, thanks for the help, much appreciated!
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.