oAuth in a nutshell
- Someone comes to your website, in order to grant access to your application to your Twitch account
- They click a link that takes them to twitch
- They accept (or deny) the application link (and any additional permissions or scopes)
- If they accept they come back to your website with a ?code
- You exchange the ?code for an access token/refresh token key pair
- You store (and use the keys)
It’ll be the URL to the page/script that handles the final oAuth steps
An access token is “like a password” that you provide to the Twitch API that will confirm if you have the rights to read someones subscribers.
You provide the token as a header when making calls to the API
So to call the subscribers endpoint, you do as follows
curl -X GET 'https://api.twitch.tv/helix/subscriptions?broadcaster_id=123' \
-H 'Authorization: Bearer cfabdegwdoklmawdzdo98xt2fo512y' \
-H 'Client-Id: uo6dggojyb8d6soh92zknwmi5ej1q2'
From the docs, you send the Authorization token for the broadcaster 123 which’ll let you read the subscribers