Twitch overlay server

when i try to broadcast the message use this api
curl --location --request POST ‘https://api.twitch.tv/extensions/message/491630980
–header ‘Client-Id: 18dackwclfhyy0addb0h7nak1sv6a9’
–header ‘Content-Type: application/json’
–header ‘Authorization: Bearer ’
–data-raw ‘{
“content_type”: “application/json”,
“message”: "{’’‘foo’’’: ‘’‘bar’’’}",
“targets”: “[’’‘broadcast’’’]”
}’

this getting response
{
“error”: “Forbidden”,
“status”: 403,
“message”: “{\n “status”: 403,\n “message”: “JWT could not be verified”,\n “error”: “Forbidden”\n}”
}

Assuming you constructed a JWT to the right format.

The likely issue is you didn’t base64 decode your Extension Secret before use.

For example in Node/JS

// Prepare the Extension secret for use
// it's base64 encoded and we need to decode it first
const ext_secret = Buffer.from(config.extension_secret, 'base64');

const sigPubSubPayload = {
    "exp": Math.floor(new Date().getTime() / 1000) + 60,
    "user_id": config.owner,
    "role": "external",
    "channel_id": "all",
    "pubsub_perms": {
        "send": [
            "global"
        ]
    }
}
const sigPubSub = jwt.sign(sigPubSubPayload, ext_secret);

thanks for the response
i want to know that
config.extension_secret – secret key of our overlay extension?
config.owner – userId and channelld will be same?

Client ID is from the Top
Extension Secret is from the bottom.

owner is the Twitch User ID of the person whom owns the extension.

So if I own the Extension and you have my extension installed.

  • owner will be my TwitchID
  • channelID will be your TwitchID

If the example code it’s for a “all” playload, but you can sub global for broadcast and all for the target channelID:

const sigPubSubPayload = {
    "exp": Math.floor(new Date().getTime() / 1000) + 60,
    "user_id": config.owner,
    "role": "external",
    "channel_id": "12345",
    "pubsub_perms": {
        "send": [
            "broadcast"
        ]
    }
}

Thanks Barry,

will this work in java? what the following function will return in response?

jwt.sign(sigPubSubPayload, ext_secret)

when i am using with decode then …
curl --location --request POST ‘https://api.twitch.tv/extensions/message/491630980
–header 'Authorization: Bearer ’
–header ‘Client-Id: 18dackwclfhyy0addb0h7nak1sv6a9’
–header ‘Content-Type: application/json’
–data-raw ‘{
“content_type”:“application/json”,
“message”:"{foo:bar}",
“targets”:[“broadcast”]}’

getting response:
{“error”:“Not Found”,“status”:404,“message”:“Error (404): Client not found”}

No idea, the code is a javascript example. I don’t write Java so I don’t have a java example.

That one suggest one or more of the pieces of information you have provided is invalid.

thanks BarryCarlyon…
firstly i do decode our extension_secret key using jwt.io
then use this decoded token in my Authorization: Bearer and hit this curl…

curl --location --request POST ‘https://api.twitch.tv/extensions/message/491630980’
–header 'Authorization: Bearer ’
–header ‘Client-Id: 18dackwclfhyy0addb0h7nak1sv6a9’
–header ‘Content-Type: application/json’
–data-raw ‘{
“content_type”:“application/json”,
“message”:"{foo:bar}",
“targets”:[“broadcast”]}’

suggest me where i am wrong.

No you base64 decode it.

No you then construct a JWT using the secret and a payload similar to the Javascript example I posted. It’s a JSON object using those keys.

On https://jwt.io/ if you scroll down, you can find suggested JWT libraries you can use for Signing or Verification.

  1. Create a Object using the keys/layout I described in the javascript example
  2. base64 decode the secret
  3. use the object and the decoded secret to sign and create a JWT
  4. use the JWT as the bearer in the request

thanks BarryCarlyon
where i am found
config.owner
because u told me .
owner will be my TwitchID

Is this is a question or a statement?

this is question

Owner ID is the Twitch ID of the person whom owns the extension in the console.

Both channel and user ID"s can be found by using the username with the users API

thaks
this api showing only one id

If you specify one username then the API returns one User and thus one user ID, so thats expected

What call are you making to the users API

but where is my channel id which i pass in payload
id means “user_id”:"?"
what is channel id “channel_id”:"?"

???

channel id and user id are the same thing

different words are used depending on the context of the API being discussed.

ok thanks
today i was follow your these steps

  1. Create a Object using the keys/layout I described in the javascript example
  2. base64 decode the secret
  3. use the object and the decoded secret to sign and create a JWT
  4. use the JWT as the bearer in the request

but response getting
{
“error”: “Bad Request”,
“status”: 400,
“message”: “No client id specified”
}

Did you include the ClientID in the header?

Example from docs

curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1MDMzNDM5NDcsInVzZXJfaWQiOiIyNzQxOTAxMSIsImNoYW5uZWxfaWQiOiIyNzQxOTAxMSIsInJvbGUiOiJleHRlcm5hbCIsInB1YnN1Yl9wZXJtcyI6eyJzZW5kIjpbIioiXX19.TiDAzrq58XczdymAozwsdVilRkjr9KN8C0pCv7px-FM" \
-H "Client-Id: pxifeyz7vxk9v6yb202nq4cwsnsp1t" \
-H "Content-Type: application/json" \
-d '{"content_type":"application/json", "message":"{\"foo\":\"bar\"}", "targets":["broadcast"]}' \
-X POST https://api.twitch.tv/extensions/message/27419011

You need the ClientID, Content Type, and the Auth headers as documented

client-id is a extension id right?

ya same thing i was pass