Authentication method for a "feed consumer" app?


#1

Hello,

I’m working with a University that uses Twitter to post news (events, rewards they got, new classes, etc). We develop an iOS and Android app so students can keep up with their classes, check library loans, check the parking occupation and display the same news posted on Twitter.

Right now we are using the REST 1.0 API and I want to upgrade to 1.1 for two reasons: 1) Increase the request limit and 2) Be ready for the 1.0 full deprecation.

So I was checking the proper authentication method and couldn’t find something that would fit what we need, but let me put a bit more information here:

  1. I can’t ask the user to use his/her account. I won’t be posting or checking his/her subscriptions, I’ll be checking a single account (the University account). Also, maybe the user doesn’t have a Twitter account or doesn’t want to set it up on their mobile.

  2. I can’t simply create an OAuth token and embed it in the application 'cause that would mean that all students would consume the limit of the token; with 2500 people already using the iOS app (and about the same using the Android version), the rate limit for the token would be reached pretty fast.

  3. The current implementation (with API 1.0) may already have a rate limit problem due to the fact that the University provides a wireless network to all students. Although they have several external IPs, in our test cases (with some staff and teachers) the rate limit is being reached.

As far as I can see, the best solution in this case would be using xAuth and authenticating with the University account, getting a new token for each mobile, preventing reaching the rate limit. Am I on the right track?

(The “best best” solution would be an application-based request, but I can’t find anywhere to ask for it or how to use it.)


#2

Please, any feedback on this?


#3

Hi Julio,

Requiring that your end-user has a Twitter account is the most practical means to scale any application with API v1.1. If you want to show a user a Twitter feed from the application, you will be best served by requiring that that end-user has a Twitter account. All scaling with the API assumes that you scale via access tokens.

In the near future we’ll have an additional form of authentication for API v1.1 – application-only authentication. It can be used in a use case like this, but the rate limiting scenario will be per-application, not per-instance or per IP address – you would still certainly face a scaling issue with limits.

What you might want to consider is a server-side solution where you either use a dedicated account or, when it’s made available, this application-only form of auth to collect tweets relevant to your users. Your mobile application would then request this information from your server instead of Twitter directly.
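
The server-side approach suggested in the last reply, sketched as an added example that is not part of the original thread: one cache in front of the upstream feed, so the credential stays on the server and thousands of app installs cost one upstream request per refresh window. `fetch_upstream` is a hypothetical callable standing in for the authenticated request, and the 60-second TTL is an assumed value.

```python
import threading
import time


class FeedCache:
    """Serve one upstream timeline to many clients, refreshing at most once per ttl."""

    def __init__(self, fetch_upstream, ttl=60.0, clock=time.monotonic):
        self._fetch = fetch_upstream  # hypothetical: wraps the server-held credential
        self._ttl = ttl               # assumed refresh window, in seconds
        self._clock = clock
        self._lock = threading.Lock()
        self._items = []
        self._fetched_at = None
        self.upstream_calls = 0

    def get(self):
        # Single-flight: concurrent clients wait on one refresh instead of
        # each triggering their own upstream request.
        with self._lock:
            now = self._clock()
            if self._fetched_at is None or now - self._fetched_at >= self._ttl:
                self.upstream_calls += 1
                try:
                    self._items = list(self._fetch())
                except Exception:
                    # Upstream error or rate limit: keep serving the last good copy.
                    pass
                # Stamp the attempt even on failure, so a failing upstream is
                # retried once per TTL rather than once per client request.
                self._fetched_at = now
            return list(self._items)


def simulate(requests=5000, span_seconds=600, ttl=60.0):
    """Constructed load: client calls spread evenly over span_seconds."""
    now = [0.0]

    def fake_fetch():
        return [{"id": 1, "text": "constructed sample item"}]

    cache = FeedCache(fake_fetch, ttl=ttl, clock=lambda: now[0])
    for i in range(requests):
        now[0] = i * span_seconds / requests
        cache.get()
    return cache.upstream_calls


if __name__ == "__main__":
    print("upstream requests for 5000 client calls:", simulate())
```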