Hello,
It’s been a long time since I needed you 
I am in the process of creating an extension to pay for bits in exchange for a user timeout. It’s very specific for one of my clients.
I did most of my extension, I deployed it in hosted test mode to verify that everything works. UX side everything is good. On the other hand, I want to be able to deliver the product via a server, therefore in the backend.
This server has all a logic allowing me to trigger the timeout as well as animation in stream, etc.
My issue is the following :
When purchasing in test mode, the event is triggered and I get information about the transaction.
I cannot obtain, on the server side, the information of this transaction using the helix/extensions/transactions API
I always have a 401 error that says
{
“error”: “Unauthorized”,
“status”: 401,
“message”: “requested extension-id does not match token”
}
I don’t understand what the problem is in this case. I am using a very fresh app_access_token and I am sure to use as a parameter the identifier of my extension as well as the transaction number that the event gave me.
For the example it is ?extension_id=t1v8yh1upvyh23uurdfzo46flgyesy&id=5d4588a5-09d5-488f-89c1-7eee1785c2ea
Am I using the correct way to implement the way I reward my user?
I could have implemented a secure system directly from the extension to talk in websocket to my server but it is not easy to secure such a process … hence the id to control the transaction information apart.
I am open to any suggestion or help to solve my problem,
Thanks in advance: D
Better to rubber duck and/or ask for help than to get stuck 