
OAuth FAQ

Updated on Sat, 2011-07-09 06:47

General

What is OAuth?

OAuth is an authentication protocol that allows users to approve an application to act on their behalf without sharing their password. More information can be found at oauth.net or in the excellent Beginner's Guide to OAuth from Hueniverse.

Where do I create an application?

You can create new applications on the Twitter Developer Site at https://dev.twitter.com/apps.

When are you going to turn off Basic Auth?

We announced the deprecation of Basic Auth in December of 2009. Its removal from the platform was set for June 2010. Towards the end of June 2010 we announced that we had postponed this until August 16th 2010.

Can my application continue to use Basic Auth?

You can continue to use Basic Auth until the turn off date, but we strongly recommend moving to OAuth now. We have increased rate limits for OAuth traffic to api.twitter.com endpoints to 350 requests per hour, more than double the current Basic Auth rate limit.

How do I convert my Basic Auth application to OAuth?

Conversion is largely dependent on the programming language and libraries that you use. See Transitioning from Basic Auth to OAuth for help.

Technical

How long does an access token last?

We do not currently expire access tokens. Your access token will be invalid if a user explicitly rejects your application from their settings or if a Twitter admin suspends your application. If your application is suspended there will be a note on your application page saying that it has been suspended.

The application registration page asks about read/write access. What constitutes a write?

Many users trust an application to read their information but not necessarily to change their name or post new statuses. Updating information via the Twitter API, be it name, location or adding a new status, requires an HTTP POST. We stuck with the same restriction when implementing this. Any API method that requires an HTTP POST is considered a write method and requires read & write access.
