I maintain a tool that allows for a user to combine multiple chat channels into a single scrolling pane. It does not allow for any interaction with the chat; it is trying to only access information that would be publicly available by going to the chat without logging in to Twitch. However, I am running into a problem with the Get Custom Reward API, specifically the requirement that the oAuth token must belong to the broadcaster from whom I am requesting information on the reward. This feels to me like an unnecessary requirement, as someone who is not authenticated to Twitch can enter a user’s channel at any time and see this same information. I can already see that a redemption is being made without authenticating, but I only get to see its UUID, and I can’t pass it in to the API because my application uses its own oAuth token (which is a separate issue that it even needs one, because Badge images have been locked down in a similar way).
I understand that I am unlikely to find a way of resolving this without asking anyone who wants their channel point redemptions to show in my application to register an oAuth token with it, but please at minimum take this as a suggestion for “Make a suite of unauthenticated APIs that can get the same amount of information as a user visiting twitch.tv without an account.”