Authenticating when using Social framework for iOS?


My iOS app integrates with Twitter through the Social framework. I read here that unless users are authenticated, API requests will be rate limited:

In this specific case, the person is using iOS. I don’t know how to ensure my users are authenticated. It says here “This framework removes many of the common obstacles encountered when accessing Twitter’s API, including authentication”:

And states here:

“The account is used to sign a request with OAuth1 services or to add an access token for OAuth2 services. By associating the account with the request, the necessary tokens are added automatically.”

I use this framework, and do this, so does this mean that I don’t have to worry about authentication? It seems to look that way, but I’d like to know for sure before I ship and find out I missed something.


Yes, you still need to consider authentication. The Social framework abstracts the typical OAuth signing process to make it very easy for you to sign a request on the user’s behalf. This is what is meant by “…associating the account the request, the necessary tokens are added automatically.”

See [node:3029] for more information on how to sign the request by attaching a user’s ACAccount instance.

Let me know if that makes sense, or if you have any other questions.


I do - I’m still unsure on this.

I have this code:

ACAccountStore *accountStore = [[ACAccountStore alloc] init];
ACAccountType *accountType = [accountStore accountTypeWithAccountTypeIdentifier:ACAccountTypeIdentifierTwitter];
[accountStore requestAccessToAccountsWithType:accountType options:nil completion:^(BOOL granted, NSError *error) {
if (granted) {
NSArray *accounts = [accountStore accountsWithAccountType:accountType];
if (accounts.count > 0)

            NSURL *mentionsURL = [NSURL URLWithString:@""];
            NSMutableDictionary *parameters = [[NSMutableDictionary alloc] init];
            [parameters setObject:@"3" forKey:@"count"];
            [parameters setObject:@"0" forKey:@"include_entities"];

            for (ACAccount *twitterAccount in accounts) {
                SLRequest *twitterInfoRequest = [SLRequest requestForServiceType:SLServiceTypeTwitter
                [twitterInfoRequest setAccount:twitterAccount];
                [twitterInfoRequest performRequestWithHandler:^(NSData *responseData, NSHTTPURLResponse *urlResponse, NSError *error) {
                    //Do things

Does that code mean I’ve done it correctly for authentication, or is there still more to do?


Yes, line #19 is where you’re effectively authenticating the request.


Sorry, it’s not showing me my reply. So you’re saying my code is fine, and the user being authenticated means I don’t have to worry about rate limiting on all of my users if one user has excessive usage of ?


Yes, the code looks OK and should authenticate users ( I haven’t had a chance to execute it, though, so make sure you test it :slight_smile: )

Each authenticated user receives 15 calls to the mentions timeline endpoint every 15 minutes. One user’s rate limit will not affect another user’s. So, in one 15 minute window, User A could blow through 15 calls and have 0 left while User B can use 3 calls and have 12 left.

We have a detailed explanation of the our rate limits over at [node:10066] if you want to learn more.