Is you backend using the Extension ClientID and Extension Client Secret to make calls to the API? My extension backend all use the Extension ClientID + Extension Client Secret for calls. So I’m not juggling two client ID’s (and an extension is also an application)
It might just be that the “email alert” was triggered off a “old report” of v5 usage.
Or someone might be borrowing your clientID so theres nothing to worry about if you already updated your code and stuff.
Also note that some extension endpoints (send chat, pubsub and config service) all have new “helix” endpoints to migrate to, as the older ones are scheduled for removal along with v5.