What auth data is required when trying to create a clip?

I am trying to make myself an external method of creating clips.
From my own trial and error, I gathered that I need to POST to https://clips.twitch.tv/clips with this data: the channel name, offset (in seconds since the start of the stream), and the broadcast ID all of which are obtained through https://api.twitch.tv/kraken/streams/.
I’ve run into a barrier with what I need to use to authenticate myself. I’ve successfully created clips with this method on my browser, but have been unable to replicate it in Python. It seems to me that I need cookies.
I was able to test the other values because I could see them when creating a clip, and I can see the cookies sent as well, which seems to be my login info. The problem is, I don’t know if this is actually what I need nor what twitch expects me to send it in python.
Should I be sending a verbatim of the browser cookies I see being sent in the POST (Not as a permanent solution, just to get it to succeed from Python) or should I be using OAuth, and how would I set up OAuth to work in this situation?

The clips endpoint probably requires authentication using the session cookie + API token from the website.
Judging from my own experiments the API token used by the official site is useless for API requests without the session cookie and vice versa. Twitch’s on-site login requests a special 'openid' scope which you can’t use with the official OAuth flow (IIRC you get an 'invalid_scope' error). Note that this information is based on my own recollection of results playing around with the login session. It’s not official information, nor do I recommend doing this :stuck_out_tongue:

If you’re just going to use it for yourself you can always “hijack” your own login session (Twitch-Api-Token header, persistent and api_token cookies) and copy+paste it into your application. Login credentials are valid for ~30 days.

If you’re building a service intended for use by others you’re probably out of luck. There’s not much you can do besides waiting for the clips endpoint to become part of the official API.

Thank you for the detailed response. This is just for me. I’ve tried using the Twitch-Api-Token header and persistant and api_token cookies to no avail. The server doesn’t seem to respond with a detailed message of why it’s failing, just a 500 Internal Server Error if it does not succeed. I got my values from the request headers sent in a GET info.json?on_site=1 request, and am sending them to https://clips.twitch.tv/clips via POST. Should I be doing this differently? And on a side note, have you been able to log in using the method you have suggested?

Just create a clip using the website and look at the request using the Chrome Developer Tools, Firebug, or whatever. Rebuild that request in your code, verify that it works and then you can start removing non-essential headers/cookies. If it suddenly stops working you remove something that’s required.

I’m not sure what you’re asking. No, I haven’t circumvented Twitch’s login and I recommend you stay away from that too. Using undocumented APIs is one thing, but fiddling with the login is definitely against ToS.

I figured out what was making it fail, and it was very simple. broadcastid was supposed to be broadcast_id and I didn’t notice until now. Thanks for the heads up about messing with Twitch’s login, and thank you for your help! :slight_smile:

Definitely agree with @Qntm here. There isn’t a supported Clips API yet, so I would be cautious using this as it is a risk.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.