IV.B. Keys … you will be issued one or more unique security keys, secrets, tokens, access codes, passwords or other credentials (collectively, “Keys”). … All activities that occur using your Keys are your responsibility. Keep them secret.
That would mean, that I can’t give out my Client Id, therefore I can’t use it to make valid Twitch API requests on frontend.
It would be extremely inconvenient. It would make all websites unable to use Twitch API without proxying all the requests.
Can I use Twitch API with Client Id in my website?
Regardless authorization process exposes Client Id to anyone trying to login to my app.
Given that I have at least publicly available authentication to my app, anyone can get my Client Id and impersonate me.
Will my app get rate limited if someone would abuse Twitch API rate limit using my Client Id?