Figured it out. Since I was using the “new” Twitch API I needed to switch the Authorization header from OAuth to Bearer as specified in the docs. Since I was already including the Client-ID many of my requests were working because they did not require any scopes.