- Secure - Users are not required to share their passwords with 3rd party applications, increasing account security.
- Standard - A wealth of client libraries and example code are compatible with Twitter’s OAuth implementation.
Twitter API Authentication Model¶
There are two forms of authentication, both leveraging OAuth 1.0A.
This is the most common form of resource authentication in Twitter’s OAuth 1.0A implementation to date. Your signed request both identifies your application’s identity in addition to the identity accompanying granted permissions of the end-user you’re making API calls on behalf of, represented by the user’s access token.
Application-only authentication is a form of authentication where your application makes API requests on its own behalf, without a user context. API calls are still rate limited per API method, but the pool each method draws from belongs to your entire application at large, rather than from a per-user limit. API methods that support this form of authentication will contain two rate limits in their documentation, one that is per user (for application-user authentication) and the other is per app (for this form of application-only authentication). Not all API methods support application-only authentication, because some methods require a user context (for example, a Tweet can only be created by a logged-in user, so user context is required for that operation).