Oct 26, 2018

Application-only authentication of Twitter API for read-only access

If you are only going to make read-only requests to Twitter, such as fetching user timelines for Twitter RSS feeds or performing searches, you can use application-only authentication. You won't be able to post tweets or DMs, though.

Twitter offers applications the ability to issue authenticated requests on behalf of the application itself (as opposed to on behalf of a specific user). Twitter’s implementation is based on the Client Credentials Grant flow of the OAuth 2 specification. Note that OAuth 1.0a is still required to issue requests on behalf of users.

With application-only authentication you don't have the context of an authenticated user, which means that any request to an API endpoint that requires user context, such as posting tweets, will not work. However, the set of endpoints that remain available can have a higher rate limit.
Your app will be able to, for example:
  • Pull user timelines;
  • Access friends and followers of any account;
  • Access lists resources;
  • Search in tweets;
  • Retrieve any user information.
And it won't be able to:
  • Post tweets or other resources;
  • Connect to Streaming endpoints;
  • Search for users;
  • Use any geo endpoint;
  • Access DMs or account credentials.
You can check whether an endpoint is available for app-only auth in the side box on the endpoint's page.
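
The Client Credentials Grant exchange described above, as an added example that is not part of the original post: it builds the token request, validates the token response, and attaches the bearer token only to HTTPS calls on the API host. The endpoint URLs and header format follow Twitter's API documentation rather than this page, and the key, secret, token and response body are constructed sample values.

```python
import base64
import json
import urllib.parse
import urllib.request

TOKEN_URL = "https://api.twitter.com/oauth2/token"  # OAuth 2 token endpoint (from Twitter's docs)
API_PREFIX = "https://api.twitter.com/"

def build_token_request(consumer_key: str, consumer_secret: str) -> urllib.request.Request:
    """Build (but do not send) the client-credentials token request."""
    # Each credential is percent-encoded, then joined with ':' and base64-encoded.
    pair = "{}:{}".format(
        urllib.parse.quote(consumer_key, safe=""),
        urllib.parse.quote(consumer_secret, safe=""),
    )
    basic = base64.b64encode(pair.encode("ascii")).decode("ascii")
    return urllib.request.Request(
        TOKEN_URL,
        data=b"grant_type=client_credentials",
        headers={
            "Authorization": "Basic " + basic,
            "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
        },
        method="POST",
    )

def parse_token_response(body: bytes) -> str:
    """Return the bearer token, rejecting any other token type."""
    doc = json.loads(body)
    if str(doc.get("token_type", "")).lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("unexpected token response")
    return doc["access_token"]

def build_api_request(url: str, bearer_token: str) -> urllib.request.Request:
    """Attach the app-only bearer token to a read-only API call."""
    if not url.startswith(API_PREFIX):
        # The token is a credential: never send it to another host or over plain HTTP.
        raise ValueError("refusing to send bearer token to " + url)
    return urllib.request.Request(url, headers={"Authorization": "Bearer " + bearer_token})

if __name__ == "__main__":
    # Constructed sample values, not real credentials; nothing is sent over the network.
    req = build_token_request("sample-key", "sample/secret+1")
    token = parse_token_response(b'{"token_type":"bearer","access_token":"SAMPLE_TOKEN"}')
    api = build_api_request(API_PREFIX + "1.1/statuses/user_timeline.json?screen_name=twitterapi", token)
    print(req.get_method(), req.full_url, "->", api.full_url)
```

The bearer token stands in for the whole application, so store it like the consumer secret and keep it out of client-side code and logs.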