Skip to main content

Twitch User App Credentials



  • Documentation:
  • Summary: Twitch is a video live streaming platform focusing on video game live streaming. Twitch provides a REST API to interact with various services on the platform: videos, leaderboards, chats, analytics... This detector focuses on detecting a couple client_id and API token. The API token is issued using an application credentials, it is the token used to perform the actual API calls. It has a lifetime limited to 60 days.
  • IPs allowlist: Some part of the API require being allowlisted by the platform to consume data.
  • Scopes: An API token can have various scopes. See this documentation for more details.

Revoke the secret#

An API token can be revoked using the API. See this documentation for more details.

Check for suspicious activity#

As of the time of writing this documentation, this feature is not yet supported.

Details for Twitch app credentials#

  • Family: Api

  • Category: Other

  • Company: Twitch

  • High recall: False

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 0.14

  • Prefixed: False

  • PreValidators:

- type: ContentWhitelistPreValidator  patterns:  - twitch


- text: |    "TWITCH_ID": "exxxhp00halu8nm0ggs3m0uejmnwlp",    "TWITCH_TOKEN": "lxx03s2vel8ggi6yhgxj6ggg85x2ve"
  client_id: exxxhp00halu8nm0ggs3m0uejmnwlp  client_secret: lxx03s2vel8ggi6yhgxj6ggg85x2ve