OAuth

Updated on Mon, 2013-03-11 11:22

Send secure authorized requests to the Twitter API

Twitter uses OAuth to provide authorized access to its API.

Features

  • Secure - Users are not required to share their passwords with third-party applications, which improves account security.
  • Standard - A wealth of client libraries and example code is compatible with Twitter's OAuth implementation.

API v1.1's Authentication Model

There are two forms of authentication in the new model, both still leveraging OAuth 1.0A.

Application-user authentication

This is the most common form of resource authentication in Twitter's OAuth 1.0A implementation to date. Your signed request identifies both your application and the end user on whose behalf you are making API calls, together with the permissions that user has granted; the user is represented by the user's access token.

Application-only authentication

Application-only authentication is a form of authentication where your application makes API requests on its own behalf, without a user context. API calls are still rate limited per API method, but the pool each method draws from belongs to your application as a whole, rather than to an individual user. API methods that support this form of authentication list two rate limits in their documentation: one per user (for application-user authentication) and one per app (for application-only authentication). Not all API methods support application-only authentication.

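The two sections above describe what a signed OAuth 1.0A request carries (the application's consumer key, and for application-user requests the user's access token) but not how the signature is produced or checked. The following added example, which is not Twitter's code, implements HMAC-SHA1 signing as specified in RFC 5849 on the client side and the matching check a resource server performs (recomputing the signature over the received parameters, comparing in constant time, bounding timestamp skew and rejecting replayed nonces). All key, secret, token and request values are constructed placeholders; the endpoint URL is illustrative. Passing `token=None` models the page's description of a request that carries only the application's identity, which in OAuth 1.0A terms means no `oauth_token` parameter and an empty token secret; that mapping is this example's assumption.

```python
"""OAuth 1.0A (RFC 5849) HMAC-SHA1 signing and verification.

Added example, not Twitter's code. All credentials below are constructed.
"""
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qsl, quote, unquote, urlsplit

# Constructed placeholder credentials and request (not real Twitter values).
CONSUMER_KEY = "example-consumer-key"
CONSUMER_SECRET = "example-consumer-secret"
ACCESS_TOKEN = "12345-example-access-token"
ACCESS_TOKEN_SECRET = "example-access-token-secret"
URL = "https://api.twitter.com/1.1/statuses/update.json?include_entities=true"
BODY = {"status": "Hello Ladies + Gentlemen, a signed OAuth request!"}


def pct(s: str) -> str:
    """RFC 5849 section 3.6 encoding: only A-Za-z0-9 - . _ ~ stay unencoded."""
    return quote(s, safe="~")


def base_url(url: str) -> str:
    """Scheme and host lower-cased, query string dropped (RFC 5849 3.4.1.2)."""
    p = urlsplit(url)
    return f"{p.scheme.lower()}://{p.netloc.lower()}{p.path}"


def signature_base_string(method: str, url: str, params) -> str:
    """params: (key, value) pairs from the query string, form body and oauth_* set."""
    encoded = sorted((pct(k), pct(v)) for k, v in params)
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), pct(base_url(url)), pct(normalized)])


def hmac_sha1(consumer_secret: str, token_secret: str, base_string: str) -> str:
    """Signing key is enc(consumer_secret)&enc(token_secret); token secret may be empty."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def collect_params(url: str, body_params: dict, oauth: dict):
    """All parameters that take part in the signature, as (key, value) pairs."""
    query = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return query + list(body_params.items()) + list(oauth.items())


def sign_request(method, url, body_params, consumer_key, consumer_secret,
                 token=None, token_secret="", nonce=None, timestamp=None) -> str:
    """Build the Authorization header. token=None omits oauth_token (app identity only)."""
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_version": "1.0",
    }
    if token is not None:
        oauth["oauth_token"] = token
    base = signature_base_string(method, url, collect_params(url, body_params, oauth))
    oauth["oauth_signature"] = hmac_sha1(consumer_secret, token_secret, base)
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(oauth.items()))


def parse_authorization(header: str) -> dict:
    """Parse 'OAuth k="v", k2="v2"' back into a dict of decoded values."""
    if not header.startswith("OAuth "):
        raise ValueError("not an OAuth header")
    pairs = {}
    for part in header[len("OAuth "):].split(", "):
        k, v = part.split("=", 1)
        pairs[unquote(k)] = unquote(v.strip('"'))
    return pairs


def verify_request(method, url, body_params, header, consumer_secret, token_secret,
                   now=None, max_skew=300, seen=None) -> bool:
    """Server-side check: recompute the signature, then enforce freshness and replay rules."""
    try:
        oauth = parse_authorization(header)
        presented = oauth.pop("oauth_signature")
        ts = int(oauth["oauth_timestamp"])
        nonce = oauth["oauth_nonce"]
    except (ValueError, KeyError):
        return False
    if oauth.get("oauth_signature_method") != "HMAC-SHA1":
        return False
    base = signature_base_string(method, url, collect_params(url, body_params, oauth))
    expected = hmac_sha1(consumer_secret, token_secret, base)
    if not hmac.compare_digest(expected, presented):  # constant-time comparison
        return False
    now = int(time.time()) if now is None else now
    if abs(now - ts) > max_skew:  # stale or far-future timestamp
        return False
    if seen is not None:  # replay protection: a nonce is valid once per token/timestamp
        key = (oauth.get("oauth_token", ""), nonce, ts)
        if key in seen:
            return False
        seen.add(key)
    return True


if __name__ == "__main__":
    hdr = sign_request("POST", URL, BODY, CONSUMER_KEY, CONSUMER_SECRET,
                       ACCESS_TOKEN, ACCESS_TOKEN_SECRET)
    print(hdr)
    print("verified:", verify_request("POST", URL, BODY, hdr, CONSUMER_SECRET,
                                       ACCESS_TOKEN_SECRET, seen=set()))
```

The server never trusts the parameters as sent in the header alone: it rebuilds the base string from the request it actually received (method, URL, query and body), so any change to a body parameter after signing changes the base string and the comparison fails. Keeping the nonce set keyed by token, nonce and timestamp and bounding timestamp skew is what prevents a captured signed request from being resubmitted.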
API v1.0's Authentication Model

In the now-deprecated API v1.0, some API resource requests require OAuth 1.0A authentication, some merely support it, and others neither require nor support authorization. All forms of authentication used carry a user context: there is no way to identify to a resource as an application only. When credentials are incorrect and the method can be evaluated in an unauthenticated context, the request is treated as an unauthenticated request for convenience. The Search API supports only unauthenticated requests.