Send secure authorized requests to the Twitter API

Twitter uses OAuth to provide authorized access to its API.



  • Secure - Users are not required to share their account credentials with 3rd party applications, increasing account security.
  • Standard - A wealth of client libraries and example code are compatible with Twitter’s OAuth implementation.

Twitter API Authentication Model

There are two forms of authentication.

User authentication

This is the most common form of resource authentication in Twitter’s OAuth 1.0a implementation. A signed request identifies an application’s identity in addition to the identity accompanying granted permissions of the end-user the application is making API calls on behalf of, represented by the user’s access token.

Application-only authentication

Application-only authentication is a form of authentication where an application makes API requests on its own behalf, without a user context. API calls are still rate limited per API method, but the pool each method draws from belongs to the entire application at large, rather than from a per-user limit. API methods that support this form of authentication will contain two rate limits in their documentation, one that is per user (for application-user authentication) and the other is per app (for this form of application-only authentication). Not all API methods support application-only authentication, because some methods require a user context (for example, a Tweet can only be created by a logged-in user, so user context is required for that operation).