Check AutoMod Status various issues

[BarryCarlyon]

Brief description

Currently Check AutoMod Status is broken.

It either returns

My token, correct scope, wrong broadcaster_id

https://api.twitch.tv/helix/moderation/enforcements/status?broadcaster_id=26610234

{
  "error": "Forbidden",
  "status": 403,
  "message": ""
}

My token, correct scope, correct broadcaster_id

https://api.twitch.tv/helix/moderation/enforcements/status?broadcaster_id=15185913

{
  "error": "Internal Server Error",
  "status": 500,
  "message": ""
}

How to reproduce

Post to
https://api.twitch.tv/helix/moderation/enforcements/status

with body as follows, or the example from the docs.

{
  "data": [
    {
      "msg_id": "123",
      "msg_text": "Hello World!"
    },
    {
      "msg_id": "393",
      "msg_text": "Boooooo!"
    }
  ]
}

Expected behavior

Correct error message when the user_id in the token is not the user_id in the query string
Correct response when using the right data reporting enforcement values, not an error

Additional context or questions

Original report

https://discuss.dev.twitch.tv/t/keep-getting-forbidden-status-trying-to-call-the-api/34972/

[BarryCarlyon]

Revison

a body of

'{
  "data": [
    {
      "msg_id": "123",
      "msg_text": "Hello World!",
      "user_id": "23749"
    },
    {
      "msg_id": "393",
      "msg_text": "Boooooo!",
      "user_id": "23422"
    }
  ]
}

as per the docs 500's as user 23422 doesn't eixst.

additionally

curl -X POST 'https://api.twitch.tv/helix/moderation/enforcements/status' \
-H 'Authorization: Bearer cfabdegwdoklmawdzdo98xt2fo512y' \
-H 'Client-Id: uo6dggojyb8d6soh92zknwmi5ej1q2' \
-H 'Content-Type: application/json' \
-d '{
  "data": [
    {
      "msg_id": "123",
      "msg_text": "Hello World!",
      "user_id": "23749"
    },
    {
      "msg_id": "393",
      "msg_text": "Boooooo!",
      "user_id": "23422"
    }
  ]
}'

omits the required broadcaster_id

add broadcaster_id of twitchdev to the URL and twitch to the body.

If you specify the wrong broadcaster_id fix the 403 to be more descriptive

If the body is invalid fix the error to include a validation error

[BarryCarlyon]

Additionally using a username instead of a numeric ID in the user_id in the payload results in a 500 too

This endpoint needs some validation work

{
  "data": [
    {
      "msg_id": "cat",
      "msg_text": "Hello World!",
      "user_id": "15185913"
    },
    {
      "msg_id": "393",
      "msg_text": "Boooooo!",
      "user_id": "fred"
    }
  ]
}

Results in

{
  "error": "Internal Server Error",
  "status": 500,
  "message": ""
}

isntead of

{
  "data": [
    {
      "msg_id": "cat",
      "is_permitted": true
    },
    {
      "msg_id": "393",
      "error": true,
      "message": "Invalid/non numeric User ID"
    }
  ]
}

[BarryCarlyon]

Summary of issues

• Token is a App Access Token

{
  "error": "Forbidden",
  "status": 403,
  "message": ""
}

Should be

{
  "error": "Forbidden",
  "status": 403,
  "message": "Missing User oAuth token"
}

• UserID doesn't match the token

{
  "error": "Forbidden",
  "status": 403,
  "message": ""
}

should be

{
  "error": "Forbidden",
  "status": 403,
  "message": "Broadcaster ID doesn't match the User ID in the token"
}

• UserID in payload is missing, invlid, or user doesn't exist
  Payload Exmaple:

Missing User

{
  "data": [
    {
      "msg_id": "cat",
      "msg_text": "Hello World!"
    }
  ]
}

User is a word

{
  "data": [
    {
      "msg_id": "cat",
      "msg_text": "Hello World!",
      "user_id": "fred"
    }
  ]
}

Expected

{
  "error": "Forbidden",
  "status": 403,
  "message": "UserID doesn't match the User ID in the token"
}

User ID deosn't exist, or is TOS'ed from the service. (I don't have handy TOS'ed ID to test this)

{
  "data": [
    {
      "msg_id": "cat",
      "msg_text": "Hello World!",
      "user_id": "123123"
    }
  ]
}

Result:

{
  "data": [
    {
      "msg_id": "393",
      "error": true,
      "message": "Invalid/non numeric User ID"
    }
  ]
}

You specify one good payload and one bad payload

{
  "data": [
    {
      "msg_id": "cat",
      "msg_text": "Hello World!",
      "user_id": "61788418"
    },
    {
      "msg_id": "393",
      "msg_text": "Boooooo!",
      "user_id": "bad"
    }
  ]
}

Result:

{
  "error": "Internal Server Error",
  "status": 500,
  "message": ""
}

Expected something like

{
  "data": [
    {
      "msg_id": "cat",
      "is_permitted": true
    },
    {
      "msg_id": "393",
      "error": true,
      "message": "Invalid/non numeric User ID"
    }
  ]
}

You specify something weird:

{
  "data": [
    {
      "user_id": "61788418"
    },
    {
      "user_id": "61788418"
    }
  ]
}

Result: 200 OK with

{
  "data": [
    {
      "msg_id": "",
      "is_permitted": true
    }
  ]
}

Should be an error as no msg_id or msg_text to actually test

Documentation Error

https://dev.twitch.tv/docs/api/reference#check-automod-status

The Example does not include a broadcaster_id which is required
The Example calls users 23422 and 23749, neither of which exist
That covers just about everything.

[BarryCarlyon]

Superseeded by #530 for clarity