The API only only supports the broadcasters token.
As the broadcaster chooses what tools can/can’t talk to the API on the casters behalf
Additionally, the API only letys you accept/reject on rewards that were created by the calling clientID.
Basically it’s super locked down for security.
And as per the docs
Provided
broadcaster_idmust match theuser_idin the user OAuth token.