/webhooks/subscriptions >> Must provide valid app token but bearer present

API
1

Hi all,

There’s quite a few posts about missing bearer tokens and such, and I thought I had this whole authentication thing down (have written quite a few Twitch scripts already).

Now I wish to test if my ‘webhook subscriptions’ are registering.

My PHP code:

  $api_endpoint = 'https://api.twitch.tv/helix/webhooks/subscriptions?first=100';

    $headers = array(
        'Authorization: Bearer << bearer token here >>',
        'Client-ID: << client-ID here >>'
    );

    $options = array(
        CURLOPT_URL => $api_endpoint,
        CURLOPT_HTTPHEADER => $headers,
        CURLOPT_RETURNTRANSFER => true
    );

    $ch = curl_init();
    curl_setopt_array($ch, $options);
    $response = curl_exec($ch);
    curl_close($ch);

The response:
“{“error”:“Unauthorized”,“status”:401,“message”:“Must provide valid app token.”}”

I’m sure the Bearer token is valid, and so is the Client-ID.
I have several scripts running that verify the exact same way, succesfully…

I can’t, for the love of me, figure this one out.
Hope you guys can spot what I did wrong ;).

2

This suggests you authenticated with a “User Token” not a “App Token”

You need one of these, a client credentials token (aka App Access)

3

Thanks a lot Barry! You’re a champ. That was indeed it.

When reading the Twitch docs I always get confused about what’s what.
Especially when you need a ‘user token’ to be able to subscribe to webhooks, but then need an app-token to be able to check ‘to which you’re subscribed’.

Anyway, works like a charm now! Thanks again!

4

Yeah user token for the topics that require a scope.
Public data like streams/follows will work with the same app access token.

It’s all about describing the “owner” and whilst for subscribers the owner is the caster, webhooks belong to the developer