Kick Integration

Connect your Kick accounts to enable chat bots, channel management, and stream interaction.

Setup

Prerequisites

A Kick application registered at Kick Developer Portal
Configure your OAuth redirect URI: {server.public_url}/v1/integrations/callback/kick
Note your Client ID (Kick uses OAuth 2.1 with PKCE, so no client secret is needed for public clients)

OAuth 2.1 with PKCE

Kick uses OAuth 2.1 with PKCE (Proof Key for Code Exchange) for enhanced security:

No client secret required for public clients
Code verifier/challenge prevents authorization code interception
More secure for web and mobile applications

Configuration

[server]
# The redirect URI is automatically built from this: {public_url}/v1/integrations/callback/kick
public_url = "https://your-domain.com"

[integrations.kick]
client_id = "your_kick_client_id"
# client_secret is optional for confidential clients
client_secret = ""

Or via environment variables:

SERVER_PUBLIC_URL=https://your-domain.com
KICK_INTEGRATION_CLIENT_ID=your_client_id
# Optional for confidential clients
KICK_INTEGRATION_CLIENT_SECRET=

Redirect URI

The OAuth redirect URI is automatically constructed from server.public_url: {server.public_url}/v1/integrations/callback/kick

Make sure to add this exact URL to your Kick application's OAuth settings.

OAuth Scopes

Channel Scopes

Scopes requested for channel (broadcaster) accounts:

Scope	Description	Required
`channel:read`	Read channel information	Yes
`channel:write`	Update channel settings	No
`chat:read`	Read chat messages	Yes
`subscribers:read`	View subscribers list	No

Bot Scopes

Scopes requested for bot accounts:

Scope	Description	Required
`chat:read`	Read chat messages	Yes
`chat:write`	Send chat messages	Yes
`user:read`	Read user information	Yes

PKCE Flow

Heimdall implements the PKCE flow automatically:

Generate code verifier: Random 43-128 character string
Create code challenge: SHA256 hash of verifier, base64url encoded
Authorization request: Include code_challenge and code_challenge_method
Token exchange: Include code_verifier

The implementation handles this transparently - you just click "Connect".

Chat Integration

WebSocket Connection

Kick uses WebSocket (Pusher) for real-time chat:

// Pusher configuration for Kick
const pusher = new Pusher('your_app_key', {
  cluster: 'us2',
  authEndpoint: 'https://kick.com/pusher/auth'
});

const channel = pusher.subscribe(`chatrooms.${chatroomId}`);
channel.bind('App\\Events\\ChatMessageEvent', (data) => {
  console.log('New message:', data.content);
});

Sending Messages

Messages are sent via REST API:

POST https://kick.com/api/v2/messages/send/{chatroom_id}
Authorization: Bearer {access_token}
Content-Type: application/json

{
  "content": "Hello from the bot!",
  "type": "message"
}

Rate Limits

Type	Limit
Messages	20 messages/30 seconds
API requests	Varies by endpoint

Connecting Accounts

Connect Channel Account

Go to Admin > Integrations
Click "Connect" under Kick
Select "Channel" as the account type
Sign in with your Kick broadcaster account
Authorize the requested permissions
You'll be redirected back to Heimdall

Connect Bot Account

Create or log into your bot's Kick account
Go to Admin > Integrations
Click "Connect" under Kick
Select "Bot" as the account type
Enter a unique bot identifier
Sign in with the bot's Kick account
Authorize the requested permissions

Token Management

Token Lifetime

Access Token: 1 hour (automatically refreshed)
Refresh Token: Longer validity (varies)

PKCE Tokens

With PKCE, the token exchange requires the original code verifier. Heimdall stores this securely during the OAuth flow.

Token Errors

Error	Cause	Solution
`invalid_grant`	Token revoked or code verifier mismatch	Disconnect and reconnect
`invalid_request`	Missing PKCE parameters	Internal error, contact support
`unauthorized_client`	Client ID not authorized	Verify app registration

Moderation

Timeout User

POST https://kick.com/api/v2/channels/{channel}/timeout
Authorization: Bearer {access_token}
Content-Type: application/json

{
  "user_id": "{user_id}",
  "duration": 600
}

Ban User

POST https://kick.com/api/v2/channels/{channel}/bans
Authorization: Bearer {access_token}
Content-Type: application/json

{
  "user_id": "{user_id}",
  "reason": "Rule violation"
}

Delete Message

DELETE https://kick.com/api/v2/messages/{message_id}
Authorization: Bearer {access_token}

Troubleshooting

"invalid_client" error

Verify your Client ID is correct
Ensure the app is properly registered on Kick
Check that redirect URI matches exactly

PKCE verification failed

This indicates a code verifier mismatch:

Session may have expired during OAuth flow
Try disconnecting and reconnecting
Clear browser cookies and retry

Chat connection drops

Implement reconnection logic
Handle Pusher connection state changes
Re-subscribe to channels after reconnect

Bot messages not sending

Verify chat:write scope was authorized
Check rate limits
Ensure bot account is not banned/muted in channel

Setup​

Prerequisites​

OAuth 2.1 with PKCE​

Configuration​

OAuth Scopes​

Channel Scopes​

Bot Scopes​

PKCE Flow​

Chat Integration​

WebSocket Connection​

Sending Messages​

Rate Limits​

Connecting Accounts​

Connect Channel Account​

Connect Bot Account​

Token Management​

Token Lifetime​

PKCE Tokens​

Token Errors​

Moderation​

Timeout User​

Ban User​

Delete Message​

Troubleshooting​

"invalid_client" error​

PKCE verification failed​

Chat connection drops​

Bot messages not sending​