Game-Hacking | PC Game Modding | Game Engine library

In a nutshell, my project consists of:

• A secure RESTful API web service (hosted on Heroku), handling requests/responses for a database. It accepts & returns JSON data
• A Unity desktop application, which doubles as a Twitch API chat bot, and communicates with the webservice to update the state of the game, as well as the state of the database.
  • IMPORTANT: This game is meant to be run by Twitch streamers, and played by users in Twitch chat

So my question is... Even though my web service is secure, what can I do to ensure that someone won't simply reverse engineer my Unity application to figure out how to properly communicate with my web server?

Encrypted HTTP traffic stops packet sniffing, but is a moot service if you can still use the same methods the application uses to interact with the data. Perhaps I'm being too paranoid, but there are plenty of tools out there that specifically target Unity & C# projects, so it really wouldn't take much effort.

One idea I had was to use the Twitch API to check if the user is actively streaming the game, and only allow them to start the game if the web service can't find a duplicate IP address in the database with an "isStreaming" flag set. This works in theory... but in practice, anyone can set up a fake Twitch account and a fake or "blank" stream on their machine, and then run some reverse-engineered code from the game.

Is there anything else I could do to minimize a hacker's ability to interact with my database?