OAuth FAQ

General

What is OAuth?

OAuth is an authentication protocol that allows users to approve an application to act on their behalf without sharing their password. More information can be found at oauth.net or in the excellent Beginner’s Guide to OAuth from Hueniverse.

Where do I create an application?

You can create new applications at apps.twitter.com. You must be logged in to your Twitter account in order to do so.

Technical

How long does an access token last?

Access tokens are not explicitly expired. An access token will be invalidated if a user explicitly revokes an application in their Twitter account settings, or if Twitter suspends an application. If an application is suspended, there will be a note on the apps.twitter.com page stating that it has been suspended.

What if an access token becomes invalid?

Assume a user’s access token may become invalid at any time. If this happens, prompt the user to re-authorize the application. Ensuring that this situation is handled gracefully is important for a good user experience.
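
One way to handle an invalidated token, shown as an added example that is not part of the original FAQ or Twitter's own code: the stored token is discarded and re-authorization is signalled only when the API says the token itself is dead, so a transient or signing-related 401 does not throw away a good token. Assumptions: the JSON error shape and error code 89 ("Invalid or expired token") come from the REST API v1.1 error table rather than this page, and TokenStore, error_codes and handle_response are hypothetical names.

```python
import json

# Assumption: code 89 is taken from the v1.1 error table, not from this FAQ.
INVALID_TOKEN_CODE = 89


class ReauthorizationRequired(Exception):
    """The stored access token was rejected; send the user through OAuth again."""


class TokenStore:
    """Hypothetical in-memory store mapping user id to access token."""

    def __init__(self):
        self._tokens = {}

    def put(self, user_id, token):
        self._tokens[user_id] = token

    def get(self, user_id):
        return self._tokens.get(user_id)

    def discard(self, user_id):
        self._tokens.pop(user_id, None)


def error_codes(body):
    """Return the integer error codes in a v1.1-style JSON error body."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return set()
    errors = doc.get("errors") if isinstance(doc, dict) else None
    if not isinstance(errors, list):
        return set()
    return {e["code"] for e in errors
            if isinstance(e, dict) and isinstance(e.get("code"), int)}


def handle_response(store, user_id, status, body):
    """Return the parsed body on success; drop a dead token and signal re-auth."""
    codes = error_codes(body)
    if status == 401 and INVALID_TOKEN_CODE in codes:
        store.discard(user_id)  # never retry with a token the server rejected
        raise ReauthorizationRequired(user_id)
    if status >= 400:
        # Other failures (bad signature, rate limit, ...) keep the token.
        raise RuntimeError(f"API error {status}: {sorted(codes)}")
    return json.loads(body)
```

The caller catches ReauthorizationRequired and restarts the authorization flow for that user instead of surfacing a raw error.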

The application registration page asks about read/write access. What constitutes a write?

Many users trust an application to read their information, but not necessarily change their user profile information or post new statuses. Updating information via the Twitter API - be it name, location or adding a new status - requires an HTTP POST. Any API method that requires an HTTP POST is considered a write method and requires read & write access.