Embedded tweets



I use the following code to embed tweets into my website:

 <blockquote class="twitter-tweet" lang="en"><p><a href="https://twitter.com/twitterapi/status/tweetId"></a>          

I have access only to the tweet id not the username. I use this url to get the tweet: https://twitter.com/username/status/tweetId, where tweetId is known. It works fine with a random string instead of the username, but is this safe?



It is not documented or guaranteed, no. Why do you only have access to the Tweet ID? you should be able to include the user ID as well, if you get the embed code from a Tweet page.


I get the twitter id from an external application on which I don’t have any control.


In that case, you can use the GET statuses/oembed endpoint. Here’s a handy blog post about that, from my awesome colleague @jbulava :rocket:


That solution requires authentication, I somehow wanted to avoid that, but if it is the only safe way I will use it.

Thank you


If you read the blog post and the docs carefully, there is actually still a /v1 unauthenticated endpoint available just for oEmbed, however that requires you to follow redirects in the future.

Note that the URL above uses v1.1 of the API. This version requires authentication and offers more predictable rate limiting. In addition, v1 is also available; it does not require authentication, but you should support HTTP 302 redirects as this endpoint will eventually migrate to a new path.


Yes, you’re right. I’ll consider all the solutions and choose what’s suited for the application. Thank you for your quick answers.