Distributing a desktop application with links to Twitter API


Hi I’m brand new here !

I’ve just started looking at the Twiiter API.

I’ve managed to setup an “application” in my developer account and have used the keys to post a tweet to my time line and also get timeline information from others within a desktop application test project i’m writing

My question is if I develop things further and get them working on a technical level it’s not quiet clear to me how things will work when the application is sold

ie If it was a Web Application I was writing that obvioulsy sits on a webserver and can use my twitter developer account/application to access twitter … However … If it is a commercial desktop application how does that work ? do all thouse customers relly need a twitter developer account / application linked to thier twitter account to give those credentials to our application ? that doesn’t sound quite right to me

I can’t seem to find any information on here for using the Twitter API in commercial desktop applications in terms of distribution to end users etc

Thanks in advance for any help

Kind regards


In this scenario, you would (with best effort) securely distribute your application with its consumer key and secret locked away within. For end-users who have obtained your application, you leverage your API keys to send them through the web-based OAuth flow (likely using a custom URI scheme registered with the operating system your application is running on as your oauth_callback) and obtain the access token belonging to your end user. You then make API requests on behalf of that user using that access token.



Thanks for you prompt reply.

I think I sort of understand.

So having been through the oAuth flow who is that user in terms of twitter ? ie If the post a tweet using my desktop application into their timeline … where will it appear ? On my timeline because it’s my “twitter application” and my consumer key or theirs because somehow despite using my consumer key/secret it knows who they are ? and I am now them ?



Think of access tokens as proxies for users. Your application uses that proxy to make API requests to Twitter. When a request like this comes to Twitter we identify a single user context – the one presented in the access token – as well as an application context – the application encoded/identified in those tokens.

Applications don’t tweet. Application’s don’t follow users. Applications don’t really do much of anything on the Twitter API.

Users tweet through applications. Users follow through applications. So when a user performs these actions in your application, they are doing so with the account that you negotiated an access token for, and the tweets will post to their user timeline and so on.

You’re responsible for what happens in your application, and your user account “owns” the application record – but as far as your user identity is concerned, it’s not really tied to the application… you’re just another user of your own application.