As a developer that has been building applications against the Twitch API for quite a few years now, this announcement really pains me. Not just because it will affect most of my applications, also because it shows how motivated Twitch is to have a vibrant and open API ecosystem (not like helix was a bit of a clue, but we were all hoping for the better, that the Trello board copied from Twitter wasn’t an indication of things to come).
I won’t call this a lie, but I will insist that this is not very forthcoming of the real reasons for this move (I’d love to point out how little this change does for security, but I believe others have already done justice to this argument). Instead, I’ll try to find the real reasons why you’d require OAuth for all API calls. One hypothesis is that it was a challenge to run the IP based rate limiter. Either for privacy or scalability reasons. The other one, that would feel much sourer, is that you have observed that anonymous users of Twitch are fairly unlikely to provide Twitch with any revenue. So the solution to this is to make people sign up more. Or just ignore the platform. After all, what’s a few thousand users lost over better revenue?
I’ll make my final plea, knowing that I can’t change your opinion: I’ve written mostly API clients that interact with the Twitch API anonymously. Why? The most important reason was, that they had no need to be authenticated. This also meant they were accessible to users that did not have a Twitch account, for whatever reasons. I have very little reason to add authentication to those clients because I’d be reducing the feature set. As such, after some of them already losing features from the helix transition I’m really not keen on that. I hear the solution would be to run a server that uses an app token. While true on paper, it also means that I now have to handle the scaling of my application. It also means I have to handle the rate limits of the app token. Oh, and spend money to have a server in the first place.
I’d argue that developer accessibility is less limited on understanding how to use the API without OAuth than being able to build something with little money. I started many of my projects while I was a student and simply couldn’t afford a server that would proxy the API requests. Removing the ability to easily build things against the API would then arguably further lead to less innovation against the platform. But if you want to control the platform you don’t want external innovation, as Twitter showed (and now regrets?).
I guess I’ll focus my time and attention on other platforms like Mixer or YouTube, where you can still interact with the API without user requirement. So long, best API of a streaming site, we’ve had a good run.
(If possible I will of course update my extension to still have working API calls with this new requirement if the appropriate tools are provided, but it’s got barely any calls in the first place, since that data it needs comes from a “grey area”)