Creating a social media management tool, questions about what is and isn't allowed



Hey everyone,

I’m currently working on a social media management tool for businesses and individuals. The goal is to compete with Hootsuite, Buffer etc. I’ve spent some time looking over Twitter’s automation rules and I believe I have a decent understanding of them, however I would like to ask a few questions just be sure I’m on the right page:

Following via API calls
I’m aware that I cannot follow users automatically, such as on a 5 minute timer, through the API. My original plan was to do something similar, however I noticed none of the similar services were doing anything like that so I decided to look into why and figured out it isn’t allowed. I then thought of a section on my website where users can look up who followers a specific user, or who is Tweeting about specific words and be given a list of users. This list would be displayed similar to a “who to follow” list from Twitter. There would be a profile picture, a name, a follow button etc. Clicking “follow” will have my app follow that user from my client’s account. Obviously the client wanted this action to be done, and of course this will only be done if they do click follow.

Is this form of following via API calls, where the user gave direct permission to follow a user, allowed? If not, what would be the best way to integrate a following feature into my tool that is allowed? Wanting to do everything by the books here.

Unfollowing via API calls
This feature will complement the above feature. The goal is to notify my clients when a user they followed (using the above feature) does not follow them back without 24 hours. This will be a section of my website that will create a similar list of accounts with their name, profile picture and an unfollow button. Clients can click the unfollow button (giving direct permission for this action) and an API call will be sent to unfollow that user from the client’s account.

The concept of following / unfollowing to gain attention to an account is not allowed through API calls, however if the user is performing this action manually every time (which they could do without my app anyways) is this allowed? Of course there will be functionality to complement the 1,000 follows a day Twitter limit, and any other limits Twitter has in this area.

The reason of wanting to implement it into my website through my app is to track everything the user does for their analytics and provide one website / interface for the user to manage all of their social media profiles.

“Automatically” Replying
Two questions regarding this topic:

  1. One of my features is to “automatically reply” to Tweets @ you that contain specific key words. For example if you receive a Tweet saying “@YourNameHere when is your next sale?” You can listen for “when”, “next”, and “sale” and reply to that Tweet with a pre-defined message. Obviously this won’t be ideal for most cases, and the more key words that are used in every Tweet regarding how you’d reply the better. But there is a time and place for this functionality, and it is completely set up by the user. The control panel I have set up looks like this:

As you can see there’s a field for keywords to listen to, a field for your reply, a media section, etc. A key thing to note is the “Automatically Reply” and “Require Approval” section. Require approval will add replies to a queue for my clients to click “Approve” on, once that occurs the Tweet will be sent. Essentially the same thing as them replying to the Tweet except it writes it for you. Are either/both of these (Auto reply / require approval) allowed?

  1. I recently Tweeted about my phone data and a Sprint account replied within a few moments. I’m sure they aren’t auto replying as they had a reply that was very specific to fix my problem, giving the assumption that a human wrote it. With this said, would it be allowed for my service to read Tweets directed @ my client’s accounts that contain key words and add them to a queue for my clients to review and reply to? There would be a text field for them to type a reply to, and a Tweet button. Alternatively, if allowed, my clients could set up pre-written replies (similar to the concept above) that are inserted into the reply fields. My clients could edit them however they’d like, add media, etc. before clicking ‘Tweet’, or just not reply. Every action here requires my client to perform the action themselves, thus giving direct permission for this action. Would this be allowed?

Would either of these be allowed? If not, what would be the best solution for creating a feature similar to what I assume Sprint was using in my 2nd example.

Sending DMs to new followers automatically
It says in your rules that if my client would give direct permission to this functionality that this would be ok. Would my client having to set up a “Send DM to new followers bot” manually be considered giving sufficient permission for my app to take such action? It will queue DMs to be sent to avoid rate limiting, as expected.

Receiving DMs
Correct me if I’m wrong, but you cannot listen to new DMs being sent to you. However I often see tools have “one unified inbox” where they listen for FB, Twitter, etc. private messages and put them all in that one inbox for convenience. This requires listening to new DMs being sent to you. Is that possible to do, or do you need to be ‘whitelisted’ for this functionality? If so how would I go about doing that?

Tweeting at new followers automatically
As this isn’t an incredibly useful tool, I see some accounts do this. To my knowledge eClincher includes this functionality. Basically my clients would be able to set up text to Tweet @ new followers. If @Bob follows one of my clients who set up this bot, my client’s account could Tweet “@Bob thank you for the follow!” for example. Would this be allowed?

Follow back bot
Similar to above, I’m wanting to add a follow back bot to my service. Of course the user will have to set this up on my website, would that be considered sufficient permission? Follows will be added to a queue that is delayed to be sure my app isn’t breaking the rate limits.

Tweeting from my website
I’m creating a ‘sub-account’ / ‘team member’ feature where businesses can manage and oversee their employee’s actions on their Twitter account. Would it be allowed to include a text box and a Tweet button for employees to post Tweets or reply to Tweets automatically? It will act very similarly to Twitter’s normal Tweet publishing, however it being on the site will allow the business to set specific permission (Only replies, no media, etc) for each employee (sub-account), monitor all Tweets sent by that employee, include ending signatures to Tweets automatically (- AF for example, the initials of the employee which we often see), etc. Would Tweeting from this form of control panel on my website be allowed?

These are all of my grey-area features that I’d like to get some more information on. A few of the other features we’ll include I’m assuming are fine as every other tool does these. A few examples would be scheduling Tweets, mass scheduling Tweets (my clients set up a large amount of Tweets in our scheduling control panel and their account will Tweet out a random one every X hours/days/etc. This will only repeat Tweets once it has used all Tweets once in that queue. We often see very large accounts post content hourly through a system like this), sub-accounts / team members for businesses to manage their employee’s actions on their Twitter, etc.

Keep in mind my app won’t do anything with my client’s Twitters unless my client sets up that functionality. There will be a control panel with a series of sub-control panels to manage and set up the features listed above. I ask this throughout each above section, but to be 100% clear: Would them having to set up each functionality be considered efficient permission for API calls to be performed while staying in compliance of Twitter’s rules? Wanting to do everything by the books of course, and putting a lot of work into this service (It’s a solo project) so I’m wanting to be sure it isn’t all for nothing.

Thank you all for reading!


Sorry for bumping but I could really use some help and input please, thank you guys for your time


This one is likely to get your app suspended despite other people doing it. It was a minor feature of my app and we got suspended within a week and told to remove it.

You’re not likely to get a straight answer from any official Twitter personality to these questions though. You need to understand that Twitter has a huge spam and bot issue that they’re trying to resolve so they can’t reveal too much information about how to stay out of these gray areas. If they answer these questions directly, it becomes easier to abuse for anyone that stumbles across the thread and then everything has to change.

Your best bet is to go through the proper support channels for these questions which still aren’t likely to be answered. Alternatively you can just go ahead and start and wait to be suspended with minor tweaks to make.

I launched a product with similar features (not all but some) and have had to remove bits and pieces and add different little pieces here and there.

A good general rule of thumb, I believe, is that every action you make should be solicited. If it’s something on the user’s behalf, they should have had to do something to trigger it. If it’s something like replying to a tweet or mentioning another user, make sure that’s an expected action. If your clients are responding to things that have nothing to do with them to gain attention then you’re going to have issues. If they’re mentioning people that have never interacted with them, you’re likely to have issues. Things like that.


Thanks for chipping in here, @DanielCHood - appreciate it - I think your comments here are all pretty reasonable.

First thing @Leet_Gamer - you’ve obviously asked a whole bunch of questions here so bear with me if I can’t cover absolutely everything in the post. Also, please understand that we can’t engage in discussion over every feature of every app out there; or, comment on individual apps as we may not be directly familiar with them, and there are privacy considerations from a user support perspective.

The official guidance on all of this is the automation rules, which you’ve already read. You should also read the other rules linked from the automation support article as they contain relevant advice (e.g. link sharing, retweeting etc).

Your description of proposed follow functionality sounds reasonable, so long as each operation is via a button click and not an automated list-style follow all. Also I would not recommend what you’re talking about in the follow/unfollow within 24 hours section, since that’s likely to be picked up by our bot systems as a spammy behaviour. A “follow back bot” would not be a good idea.

Automated replies are pretty clearly discouraged per the automation rules. Same for Tweeting at new followers. Both are likely to get your app write-restricted by our Botmaker antispam tools. As @DanielCHood says, unsolicited automated Tweets are not popular with users and your app could be suspended for them.