App key + secret - Security bridge?


Hi All,

A website is supposed to show a widget with tweets from our twitter account.

In order to achieve that, they are asking for App key + Secret.
I am wondering if in terms of security, this can get us into some kind of trouble.

Can anyone explain what privileges I actually give someone by exposing my app key and secret?

Thanks for any help!


It is no necessary, for show a simple widget in a website they didn’t need anything of you.


Handing over an app key and secret is similar to handing over a username and password to your account. You are giving someone else the ability to act on your behalf, and could be banned for bad actions including spam.

The user timeline widget displays Tweets from your Twitter account. Generate a new widget on and copy-and-paste the generated HTML into your website.