App Access Token


App access tokens can only be retrieved by developers' apps.

All that is required is the client_id and client_secret.

App tokens are only to be used server-side, in ways that will protect the data. They can retrieve any data that any authorized users of the app can access, so you must take care to respect users' blocks and mutes yourself.


Make a POST call like so:

curl "" \
  -d "client_id=[client ID]" \
  -d "client_secret=[client secret]" \
  -d "grant_type=client_credentials" \

A JSON response will be returned in the form of:

{"access_token":ACCESS_TOKEN, "token":{"...Token object..."}}

These are the endpoints available to app tokens, in addition to any endpoints that do not require authentication:

  • GET /users/{user_id}/following
  • GET /users/{user_id}/followers
  • GET /users/{user_id}/muted
  • GET /channels
  • GET /channels/{channel_id}
  • GET /channels/{channel_id}/subscribers
  • GET /channels/{channel_id}/messages
  • GET /channels/{channel_id}/messages/{message_id}
  • GET /channels/messages
  • POST /streams
  • GET /streams/{stream_key}
  • PUT /streams/{stream_key}
  • DELETE /streams/{stream_key}
  • GET /streams
  • DELETE /streams
  • GET /apps/me/users/ids
  • GET /apps/me/users/tokens
  • GET /presence