Skip to main content

Twitch API Keys

Description#

General#

  • Documentation: https://dev.twitch.tv/docs/api/
  • Summary: Twitch is a video live streaming platform focusing on video game live streaming. Twitch provides a REST API to interact with various services on the platform: videos, leaderboards, chats, analytics... This detector focuses on detecting client_id and client_secret associated to an application and used to authenticate this application when interacting with the API.
  • IPs allowlist: Some part of the API require being allowlisted by the platform to consume data.
  • Scopes: A great variety of scopes can be specified when generating a token. See this documentation for more details.

Revoke the secret#

A client_secret can be revoked in the applications tab of the developer's console.

Check for suspicious activity#

As of the time of writing this documentation, this feature is not yet supported.

Details for Twitch api keys#

  • Family: Api

  • Category: Other

  • Company: Twitch

  • High recall: False

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 1.63

  • Prefixed: False

  • PreValidators:

- type: ContentWhitelistPreValidator  patterns:  - twitch

Examples#

- text: >    "TWITCH_ID": "exxxhp00halu8nm0ggs3m0uejmnwlp",    "TWITCH_SECRET": "lxx03s2vel8ggi6yhgxj6ggg85x2ve"
  client_id: exxxhp00halu8nm0ggs3m0uejmnwlp  client_secret: lxx03s2vel8ggi6yhgxj6ggg85x2ve
# Possible collision with twitch_token- text: >    "TWITCH_ID": "exxxhp00halu8nm0ggs3m0uejmnwlp",    "TWITCH_SECRET_TOKEN": "lxx03s2vel8ggi6yhgxj6ggg85x2ve"
  client_id: exxxhp00halu8nm0ggs3m0uejmnwlp  client_secret: lxx03s2vel8ggi6yhgxj6ggg85x2ve