I want to use API requests to easily manage my channel points rewards. Specifically I want to be able to enable/disable rewards.
-I registered a new app in my developer console.
-I granted permissions to that app to read and manage rewards.
-I retrieve the list of rewards. Nice!
-Then I try to edit one of them (just change the is_enabled flag) and FORBIDDEN. Why?
So my guess It’s that, via API, one app can only modidfy the rewards created previously by the app itself (using the create entry point). And this is a safety measure since, hypothetically, I could grant permissions to N different apps, and all of them could create new rewards. And if all those apps could edit the rewards from everyone else, it would be a bit of chaos. Right?
But my point is, if my app is linked to my twitch user, and that app makes a server request to edit a reward (created by me using the web dashboard), shouldn’t the system be able to recognize that the app is actually me and then allow the edit??
The scope (manage channel rewards) on the API only lets you manage rewards that the ClientID created.
The dashboard ClientID != the ClientID you used
And the “owner” of the ClientID is irrelevant (as thats not how oAuth works)
There are not “permissions” between a ClientID and the owner of the ClientID
That’s a bummer then dunno, it sounded so obvious to me… Then I guess it’s impossible to do the functionality I was looking for: to be able to enable/disable rewards (created by yourself via dashboard) via API request.
Hmm then my next natural question would be: would it be possible to get the ClientID/Secret/whatever from Dashboard to do server requests in its behalf?
Recreate the rewards via the API, after they have been created via the API you can then manage/edit them in the dashboard as “ownership” is reatined by the ClientID that created it
No.
You might want to raise a uservoice to describe what you want to do
dunno, it sounded so obvious to me… Then I guess it’s impossible to do the functionality I was looking for: to be able to enable/disable rewards (created by yourself via dashboard) via API request.