Send secure authorized requests to the Twitter API

Twitter uses OAuth to provide authorized access to its API.


  • Secure - Users are not required to share their passwords with 3rd party applications, increasing account security.
  • Standard - A wealth of client libraries and example code are compatible with Twitter’s OAuth implementation.

API v1.1’s Authentication Model

There are two forms of authentication in the new model, both still leveraging OAuth 1.0A.

Application-user authentication

This is the most common form of resource authentication in Twitter’s OAuth 1.0A implementation to date. Your signed request both identifies your application’s identity in addition to the identity accompanying granted permissions of the end-user you’re making API calls on behalf of, represented by the user’s access token.

Application-only authentication

Application-only authentication is a form of authentication where your application makes API requests on its own behalf, without a user context. API calls are still rate limited per API method, but the pool each method draws from belongs to your entire application at large, rather than from a per-user limit. API methods that support this form of authentication will contain two rate limits in their documentation, one that is per user (for application-user authentication) and the other is per app (for this form of application-only authentication). Not all API methods support application-only authentication.