Authentication
Twitter APIs handle enormous amounts of data. The way we ensure this data is secured for developers and users alike is through authentication. There are a few methods for authentication, each listed below.
Most developers will not need to work with the details of authentication as Twitter client libraries already implement the protocol. Supported libraries >
Authentication methods
OAuth 1.0a
OAuth 1.0a allows an authorized Twitter developer app to access private account information or perform a Twitter action on behalf of a Twitter account.
OAuth 2.0 Bearer Token
OAuth 2.0 Bearer Token allows a Twitter developer app to access information publicly available on Twitter.
Basic authentication
Many of Twitter’s enterprise APIs require the use of HTTP Basic Authentication.
When to use
The most common methods used by the Twitter Developer Platform are OAuth 1.0a and OAuth 2.0 Bearer Token. The best place to check the authentication method required for an endpoint is the API reference page.
Some differences between OAuth 1.0a and OAuth 2.0 Bearer Token methods are:
| Differences | OAuth 1.0a | OAuth 2.0 Bearer Token |
| Ability to search Tweets | ✔ | ✔ |
| Ability to pull user timelines | ✔ | ✔ |
| Ability to get trends data | ✔ | ✔ |
| Ability to like/create/Retweet a Tweet on behalf of a user | ✔ | |
| Ability to retrieve a users' email address | ✔ | |
| Ability to read/write advertiser data | ✔ | |
Keys and tokens |
Consumer API keys + Access token & access token secret |
Consumer API keys |
| Rate Limits | Distinct per User | Distinct per Application |
Please note: Consumer keys can be obtained from your Twitter apps detail page found in the developer portal, where you can also generate an access token and access token secret. To generate access tokens for a different user, you will need to go through the 3-legged OAuth process.
Additional resources
Guides
Learn how to generate tokens and authenticate requests using our integration guides.
Protect yourself
Make sure you understand the best practices for storing your keys and tokens.
