Authentication and requests


Please help me on the following 4 questions. Thanks in advance.

  1. There are several options for “Obtaining access tokens”. I would like to use some APIs for visitors to my website. It seems I should use 3-legged OAuth. However, if I use this one, “The user will always be prompted to authorize access to your application, even if access was previously granted.” per the document. I do not want the user to always be prompted. So it seems I have to use “Sign in with Twitter”. Is this correct? I actually won’t allow users to “sign in” to my site with their Twitter account. I just need the user to grant permission to use the Twitter API. Should I use “Sign in with Twitter” in this case? I wish it would not interfere with the other sign-in experience on my site.

  2. API 1.1 requires authentication for most of the APIs, such as “GET users/show”. I know it is suggested to get authentication on the server end. After getting authentication, can I make requests on the client side with JS? Or is it not supported? If it is supported, can you point me to an example of how the request is sent?

  3. As I understand, the rate limit is per-user for requests with authentication. This means that even if I make requests on the server end, I won’t run into rate-limit issues unless one user is sending more requests than the rate limit. Is this correct?

  4. This is from the document on OAuth (Sign in with Twitter): “Signed in and approved: If the user is signed in on and has already approved the calling application, they will be immediately authenticated and returned to the callback URL with a valid OAuth request token. The redirect to is not obvious to the user.” My question is: is there a rate limit on the authentication request? After the user has signed in, for each request from my server end to gain the request token, is it a user-based rate limit or IP-based? I am trying hard not to run into the rate-limit issue.

Also, I believe OAuth 2.0 is not supported and Twitter is still using OAuth 1.0a. Is this correct?
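Added example (not the poster's code and not Twitter's own library): OAuth 1.0a HMAC-SHA1 request signing as the 1.0a spec defines it, which is what every authenticated API 1.1 call and the request-token step of "Sign in with Twitter" need. It shows why question 2's requests belong on the server: the consumer secret and the user's access-token secret are both inputs to the signing key, so signing in browser JS would hand those secrets to every visitor. All keys, tokens and callback URLs here are constructed placeholders.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qsl, quote, urlsplit


def pct(s: str) -> str:
    """RFC 3986 percent-encoding as OAuth 1.0a demands: only A-Za-z0-9-._~ stay bare."""
    return quote(s, safe="")


def signature_base_string(method: str, url: str, params: dict) -> str:
    """Build the signature base string: METHOD & enc(base URL) & enc(sorted params)."""
    parts = urlsplit(url)
    base_url = f"{parts.scheme}://{parts.netloc}{parts.path}"
    # Query-string, form-body and oauth_* parameters are all signed together.
    merged = dict(parse_qsl(parts.query, keep_blank_values=True))
    merged.update(params)
    encoded = sorted((pct(k), pct(v)) for k, v in merged.items())
    param_string = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), pct(base_url), pct(param_string)])


def signing_key(consumer_secret: str, token_secret: str = "") -> str:
    """Key = enc(consumer secret) & enc(token secret). The token part is empty
    for the request-token call that starts "Sign in with Twitter"."""
    return f"{pct(consumer_secret)}&{pct(token_secret)}"


def hmac_sha1_b64(key: str, message: str) -> str:
    digest = hmac.new(key.encode(), message.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def authorization_header(method, url, params, consumer_key, consumer_secret,
                         token="", token_secret="", nonce=None, timestamp=None):
    """Return the Authorization header value for one signed request.
    Both secrets are needed here, which is why this must run server-side."""
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_version": "1.0",
    }
    if token:  # absent on the initial request-token call
        oauth["oauth_token"] = token
    # oauth_* values passed in params (e.g. oauth_callback) also go in the header.
    oauth.update({k: v for k, v in params.items() if k.startswith("oauth_")})
    base = signature_base_string(method, url, {**params, **oauth})
    oauth["oauth_signature"] = hmac_sha1_b64(signing_key(consumer_secret, token_secret), base)
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(oauth.items()))
```

The browser only ever needs the server's response, never the header built here, so the per-user access token and both secrets stay out of client-side JS.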