A game often needs to associate its currently running instance with the stream channel that the game is being streamed on. Muxy provides a simple, text-based linking scheme that can be used by a broadcaster.

A GameLink PIN is a 6-character code that an extension user can use to verify their identity to a game.

The PIN is generated by MEDKit and shown only to the broadcaster of a channel. It can then be entered into a game client and used to authenticate a GameLink connection.

Obtaining a PIN

The broadcaster of a game or extension can submit an Extension Client ID in an unauthorized call to the pin endpoint to begin the authentication/authorization workflow for a Muxy-powered extension.

The call returns both a JWT and a PIN code. The game or extension should display this code to the broadcaster, who can then enter it on a supported extension. When the PIN is validated, the JWT becomes authorized to make calls on behalf of the broadcaster.

Request

Use a POST request to initiate PIN authorization.

🚧

No Authorization header is required for this call. The call is authenticated by an Extension Client ID contained in the body of the request.

POST /v1/e/pin

The body of the request contains the caller's Extension Client ID in a JSON object. This is a Twitch Extension Client ID that has been registered with Muxy. For details, see [Quick Start for Developers](doc:quick-start#register-your-extension-with-muxy0.

{
    "identifier": "<ClientID>"
}

Response
If the call succeeds, the body of the response contains a JSON object with the following fields.

{
    "token": "<jwt>", 
    "pin": "<PIN>"
}
FieldValue
tokenA JWT that can be used in an Authorization Header.
The role of this JWT is broadcaster.
This token is not valid until the user finishes the PIN flow.
pinA case-sensitive string of alpha-numeric characters.
This PIN is valid for about 5 minutes.

Validating a PIN

Use the validate_pin endpoint to confirm the validity of a PIN you receive from a call to the pin endpoint.
This endpoint should be called from the configuration page of an extension, where only the broadcaster has access.

Request

This call requires an Authorization Header with a broadcaster signed JWT.

POST /v1/e/validate_pin

The body of the request is a a JSON object that contains the PIN to be validated.

{
    "pin": "<PIN>"
}

Response

A successful response indicates a valid PIN. If the PIN is invalid, the call fails.

🚧

Validating a JWT

To check the validity of a JWT received from the PIN authorization call, poll the User Information endpoint for the user until the call returns a 200 response.