Authentication

OAuth FAQ

General

What is OAuth?

OAuth is an authentication protocol that allows users to approve an application to act on their behalf without sharing their password. More information can be found at oauth.net.
 

How do I generate access tokens?

You must have a Twitter app to generate you access tokens. Learn more about access tokens here

How do I create a Twitter app?

You must have an approved developer account to create a Twitter app. You can apply for a developer account here.
 

If I already have a Twitter app, how do I view and edit that app?

You can view and edit your app from the Twitter app dashboard if you are logged into your Twitter account on developer.twitter.com.
 

Technical

How long does an access token last?

Access tokens are not explicitly expired. An access token will be invalidated if a user explicitly revokes an application in the their Twitter account settings, or if Twitter suspends an application. If an application is suspended, there will be a note in the Twitter app dashboard stating that it has been suspended.
 

What if an access token becomes invalid?

Assume a user’s access token may become invalid at any time. If this happens, prompt the user to re-authorize the application. Ensuring that this situation is handled gracefully is important for a good user experience.
 

The application registration page asks about read/write access. What constitutes a write?

Many users trust an application to read their information, but not necessarily change their user profile information or post new statuses. Updating information via the Twitter API - be it name, location or adding a new status - requires an HTTP POST. Any API method that requires an HTTP POST is considered a write method and requires read & write access.