I don’t think the rate-limit affects the current versions of the API, only the new one that’s been announced yesterday I think.
It would make sense to be by Client-ID but there are other things to note when doing this.
The Client-ID is public so anyone can use your Client-ID and perform (unauthenticated) requests to the API in the name of your App, this means other people would be able to use your rate limit and block your requests if they wanted by surpassing that same limit.
I’m sure twitch knows that and will figure out something to prevent that from happening.