I tested this when Helix was first published and it was behaving correctly according to the docs. I just tested three different scenarios again my library.
Tests
- Test 1: providing 2 Bearer tokens, each made with different Client ID’s.
- Test 2: providing 2 Bearer tokens, each made the same Client ID.
- Test 3: providing 2 different Client ID’s.
Results
- Test 1: Each Bearer token was successfully able to make 120 requests, independent of each other.
- Test 2: Only 120 requests total were able to be made between the two Bearer tokens.
- Test 3: Only 30 requests total were able to be made between both Client ID’s.
In summary, when Bearer tokens are provided the rate limiting behavior is based off of Client ID. When only Client ID’s are provided, then the rate limiting behavior is based off of IP.