1. Client IDs are limited in what they can do with the Twitch API. Auth Tokens, which are generated when a user logs into Twitch through your Twitch App, can allow you to do a lot more with the Twitch API on behalf of the user because they permitted it. So yes, to make requests from the browser you would need to send your Client ID or Auth Token to make requests from there.
2. When a user authenticates your app, that is when you should make a request to get basic information about the person authenticating your app. This would include the URL to their profile picture, which would be best stored in the user’s browser. Then, when the user visits your web app again, you can pull the URL from their storage and embed it in an image tag, which would cause the browser to make a request to obtain the image from Twitch on behalf of the user rather than your service.
3. Unfortunately, every time you require someone to log in with your Twitch App, your Client ID is exposed in the URL. If someone decides to use your Client ID with malicious intent, then yes, it could affect your Twitch App’s rate limit and usage.
4. This was partially answered in the first question, but it would be best to use Auth Tokens for users because Client IDs are limited in what they can do with the Twitch API. Auth Tokens can do quite a lot more based on what permissions were granted to them.
5. I have not messed with the Twitch API in a long time, so I cannot give you an accurate answer, but from what I pulled up in Twitch’s API documents I would assume this:
> Each client ID is granted a total of 30 queries per minute (if a Bearer token is not provided) or 120 queries per minute (if a Bearer token is provided), across all new Twitch API queries. If this limit is exceeded, an error is returned: HTTP 429 (Too Many Requests).
Bearer token being the Auth Token I was talking about in my past answers.
6. I’m not sure if Twitch disclosed an endpoint on their API that will allow you to do a search of users based on keywords. They do offer a search on users, but you have to be exact on the name, which would always return a single user rather than multiple users. Unless they changed that, because like I said, I have not messed with their API in a long time.
Hopefully I have answered most of your questions and if not, hopefully someone else can.
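
The per-Client-ID limits quoted in the answer above (30 queries per minute without a Bearer token, 120 with one, HTTP 429 when exceeded) can be tracked on the client side as a sliding one-minute budget. This is an added example, not part of the original post and not Twitch code; `RequestBudget`, `limitFor` and `allowedInBurst` are hypothetical names, and pausing for a full minute after a 429 is an assumed, conservative policy.

```javascript
const WINDOW_MS = 60000; // the quoted limits are per minute

// Figures quoted in the post: 30/min without a Bearer token, 120/min with one.
function limitFor(hasBearerToken) {
  return hasBearerToken ? 120 : 30;
}

class RequestBudget {
  constructor(hasBearerToken) {
    this.limit = limitFor(hasBearerToken);
    this.sent = [];        // timestamps (ms) of requests inside the current window
    this.blockedUntil = 0; // set when the server answers HTTP 429
  }

  // Drop timestamps that have aged out of the one-minute window.
  prune(now) {
    while (this.sent.length && now - this.sent[0] >= WINDOW_MS) this.sent.shift();
  }

  // Returns { ok: true } and records the request, or { ok: false, retryInMs }.
  tryAcquire(now) {
    this.prune(now);
    if (now < this.blockedUntil) return { ok: false, retryInMs: this.blockedUntil - now };
    if (this.sent.length >= this.limit) {
      return { ok: false, retryInMs: this.sent[0] + WINDOW_MS - now };
    }
    this.sent.push(now);
    return { ok: true };
  }

  // The limit is counted per Client ID, so requests made elsewhere with the
  // same ID can exhaust it before the local count does. A 429 is therefore
  // treated as authoritative; waiting a full window is an assumed policy.
  recordResponse(status, now) {
    if (status === 429) this.blockedUntil = now + WINDOW_MS;
  }
}

// Constructed scenario: n requests at 100 ms spacing; returns how many pass.
function allowedInBurst(hasBearerToken, n) {
  const budget = new RequestBudget(hasBearerToken);
  let allowed = 0;
  for (let i = 0; i < n; i++) if (budget.tryAcquire(i * 100).ok) allowed++;
  return allowed;
}
```

Call `tryAcquire(Date.now())` before each request and `recordResponse(response.status, Date.now())` after it; an unexpected 429 while the local count is still low is a sign that the Client ID is being used outside your app.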