I use the following code to embed tweets into my website:
<blockquote class="twitter-tweet" lang="en"><p><a href="https://twitter.com/twitterapi/status/tweetId"></a>
I have access only to the tweet id not the username. I use this url to get the tweet: https://twitter.com/username/status/tweetId, where tweetId is known. It works fine with a random string instead of the username, but is this safe?