Twitch Approved Developer Program - Reinstate Follow/Unfollow API
Given the fact that Twitch had to take down the follow/unfollow api's due to bot programs that are out there - my suggestion would be to have an approved set of developers that propose and showcase their applications.
This way Twitch could bring back the follow/unfollow API and any service or developer that was in violation of Twitch's TOS regarding the API could be warned and ultimately have their access and credentials removed.
Twitch Developers could review the logs of which applications were connected with BOT services and immediately shut those down rather then removing the api in its entirety and removing it for those that are using the api to help smaller content creators gain followers and viewers through content.
Since Twitch is going to introduce follower emotes for all broadcasters soon, I think it's important for broadcasters that their chat bots are following their channels, so the bots can use the follower emotes in chat messages. This is why it should be possible for bots to follow their users automatically.
I had an application that used this endpoint precisely to remove "possible bots" from the broadcaster's account. 😢
I also just posted to the forums thread about this, and hope you guys fix it: https://discuss.dev.twitch.tv/t/deprecation-of-create-and-delete-follows-api-endpoints/32351/39?u=chrishecker
I do think there should be some sort of vetting process for certain endpoints for trusted apps. Like the partner program for developers. Partner streamers get elevated access to features automatically like emote approvals until they are misused. Once a developer is “approved” they can get elevated access to certain endpoints like this one or maybe new future endpoints too.
I totally agree with you - I don't understand how a user getting Botted Followers matters
1) Viewers are watching a streamer because they enjoy the content, not how many followers they have
2) Twitch reviews your statistics before promoting you into the Twitch Partner Program, the number of followers has no impact on your success into the program
3) There are so many good ways to use this follow tool to help aspiring streamers grow. My application made it so streamers could share clip moments and these could serve as a preview to their channel where viewers could hit the follow button and go on to the next form of content
The new solution is tough - now we would have to redirect someone to twitch, they would have to log in, before they could follow an end user and have a chance at watching them in the future
To eliminate these because some bot accounts are inflating the number of followers a streamer has seems to hurt the 99% of streamers that could benefit from this API kit
The issue(s) that I see here are that while it seems like this may mitigate malicious or capricious bots it only seems to do so by removing endpoints that benevolent developers may use too. This reeks of security through obscurity and while may not be intentional, feels semi-hostile to positive development practices.
I for one feel that while bots are useful I never understood the need, nor desire, for so many followers. That being said, I realize that I may be in the minority in that feeling. In any case, I believe that removing such an endpoint only changes the scope of where such malicious actors may code for next. In all likelihood, they moved on once they heard this announcement(which no doubt contributed to it's expedient removal without deprecation). Point in fact, I don't think even restricting this/these endpoint(s) behind any form of vetting process should be need, nor required. Will it likely fully mitigate the risk, possibly. But let's speak to the larger issue(s) at hand here: am I likely to have to make my source open source(yes), should that requirement be a fully working code(maybe), how well is the endpoint documented(at the moment it's removed, so null), am I guaranteed that changing my code won't require a revetting of the entire codebase(unsure at this juncture but unlikely), how would the platform benefit from code like this being vetted(it would make bots have a harder time following and unfollowing), are there any potential other solutions(yes, many). One such potential solution is that you could add a follow button to the a user's viewercard(which already is a minimized view and allows `Add Friend`, `Whisper`, and `Gift Sub`). Does this solve the problem of programmatically allowing such a follow/unfollow to occur, kind of, though it does require the user load a web site/browser this allows the platform to make sure the user is logged in via cookies or another means(i.e. Authorization Header)
In summary, I think that a respectful dialog between users(perhaps mostly developers) and the platform's development/admin team seems the most beneficial course at this time. I have outlined, my issues above and attempted to suggest a potential mutually beneficial solution. I am open to constructive criticism and/or comments.
I outlined some of my reasonings on the Forums, but I regularly use both the Create and Delete endpoints and ended up being impacted by this change.