Skip to main content

Twitch User App Credentials



  • Documentation:
  • Summary: Twitch is a video live streaming platform focusing on video game live streaming. Twitch provides a REST API to interact with various services on the platform: videos, leaderboards, chats, analytics... This detector focuses on detecting a couple client_id and API token. The API token is issued using an application credentials, it is the token used to perform the actual API calls. It has a lifetime limited to 60 days.
  • IPs allowlist: Some part of the API require being allowlisted by the platform to consume data.
  • Scopes: An API token can have various scopes. See this documentation for more details.

Revoke the secret

An API token can be revoked using the API. See this documentation for more details.

Check for suspicious activity

As of the time of writing this documentation, this feature is not yet supported.

Details for Twitch app credentials

  • Family: Api

  • Category: Other

  • Company: Twitch

  • High recall: False

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 0.14

  • Prefixed: False

  • PreValidators:

- type: ContentWhitelistPreValidator
- twitch


- text: |
"TWITCH_ID": "exxxhp00halu8nm0ggs3m0uejmnwlp",
"TWITCH_TOKEN": "lxx03s2vel8ggi6yhgxj6ggg85x2ve"

client_id: exxxhp00halu8nm0ggs3m0uejmnwlp
client_secret: lxx03s2vel8ggi6yhgxj6ggg85x2ve

How can I help you ?