- Register your bot/application at https://dev.twitch.tv/console/apps to aquire a client id and secret.
- Set the variables
twitch-client-idandtwitch-client-secretas secret variables in your Postman environment. - Set the
twitch-scopesvariable as a regular variable and add every permission you think you need in a space separated list.
DON'T add every scope on planet earth, for safety reasons you want your token to only to be allowed to access what you need . - Send the Device request and click on the
verification_uriyou get form twitch.
Read and confirm the permissions Twitch shows you duediligently!! - Accept the request if everything is correct.
- Now you can send the Device Login request and receive the
access_tokenandrefresh_tokenthat you can use in the 'Token Refresh' and 'Token Validate' requests and in all your other api calls by using the variablesTWITCH_TOKENandTWITCH_REFRESH_TOKEN
You can use the test snippets to automate the token updates by putting the code in each of the test sections in Postman.
The Device Request will give you an expiration and an interval to which you are allowed to automate re-checking of the completion, so don't call the Device Login more than specified in the interval or it will block the auth flow.
While the request is not completed you will get a 400 status with the message: authorization_pending