How to use API keys for multiple instances of an intranet application


#1

We sell an intranet portal that our customers are installing in their datacenter, so each customer has a separate installation.

In the portal the users can subscribe to a specific Twitter “search”. We use the Twitter Streaming API to retrieve results for the search continuously.

What is the correct way to register an application and use API keys for this use case?

Do we register one application, and use one API key per customer? If so, how can we make sure we don’t run out of API keys?

Is there a recommended model for our situation?


#2

This is a great question.

You should only have one developer account per organization. I recommend that you apply for an ‘organization’ account as opposed to an ‘individual’ account.

Once you have that developer account set up, you will be able to set up different Twitter apps. You should have one Twitter app per use case.

In your situation, you should probably just have a single Twitter app. Then, you will use the 3-legged oauth process to authorize your application to make requests to the statuses/filter endpoint. You can authorize your app to make requests on behalf of as many users as you’d like.

So at the end of the day…
You should have one developer account that manages all of your Twitter apps.
You should have one Twitter app per use case.
You should then authorize your Twitter app to make requests on behalf of your users.


#4

Thanks for useful feedback.

I have one thing that I would like to have clarified.

Are you saying that every user of our app needs to log in to Twitter, so that our app can access Twitter on their behalf? Or, can we do the searches with our own tokens? And if so, how do we avoid running out of tokens? (We cannot create more tokens right now)

One challenge is that we have some Twitter searches that are shared across users, so the search should ideally belong to the app, and not a specific Twitter user.


#5

You can have a single connection with multiple parameters per user that you are authorized to make requests on behalf of.

Based on what little I know about your use case, I think you are going to have to authorize each of your users to be able to establish different streams with different sets of parameters. Each user that you authorize will provide you a new set of access tokens that you will use in your request. You can use a single set of access tokens to open up a stream that could be used for multiple users.


#7

When I use the 3-legged oauth process to authorize my application to make requests on behalf of other users, if my app uses the Twitter Search Premium API, who needs to subscribe to the API, me or the other users? I mean, will requests be charged to my account or to the user on whose behalf my application makes requests?


#8

For the premium API, you have a quota of requests per app per month that are part of your billed package. These are at the app level; the number of users authenticated is not relevant.


#9

Suppose our customer has an API subscription and they want our application to use it instead of our subscription. Is that possible? If so, how can we configure their account to be charged?


#10

It sounds like you want an app to be transferred between accounts (assuming that the account is already approved and commercial). You will need to request this via help.twitter.com/forms/platform


#11

Thanks for your answer.
Which account must be approved, mine or my customer’s?
And, after I transfer the app, will other customers continue using my app with my subscription?
Because we have multiple instances at multiple customers and each customer could have a separate subscription.


#12

If I understand correctly, you will want to make sure that your developer account has been approved.

You don’t need to pass along user access tokens when authing your premium Search requests, so you don’t need to go through the 3-legged oauth process for your customers. You will just set up your premium paid subscription using your developer account and make requests using a bearer token that is associated to your Twitter app.


#13

Thanks, but I’m a bit confused now.
My developer account has already been approved. That’s not a problem.
I’ll describe an example.
Customer A buys our solution and installs an instance in their own datacenter.
Customers B and C do the same.
We understood that we must have 3-legged oauth because we can’t use the same app token in three different instances, ok?
Assuming the previous answer is OK, each customer will have a regular Twitter account that will authorize making requests on their behalf. And my developer account must have an API subscription related to my application.
My assumption is that Customer A has a developer account and has an API subscription. They want to use it instead of our subscription. Is that possible?
andypiper’s answer suggests that I can transfer my application to Customer A to do that. If I do it, will Customers B and C still be able to use my subscription?
Thanks again.


#14

This assumption is not correct when you are using the premium Search API.

The premium search API doesn’t require user context auth (OAuth 1.0a), so you don’t need to pass user tokens with your request. Therefore, you just make the request with your API Key and secret or bearer token and pass along the data to your customers.

If your customer would prefer to have their own subscription, then they will have to apply for a developer account and set up their own API subscription. Of course, you can do this if you have their credentials.

If you have an existing app that you would like to transfer to another developer account, you can do so by filling out the following form: https://help.twitter.com/forms/platform.

I’m not sure what you mean by this:


#15

Thank you so much for your answer. My doubts are answered.

Don’t worry about the question. It isn’t relevant since I understood I can use a customer’s own subscription.


#16

Glad I could help!

Closing this ticket to avoid scope creep. Feel free to submit a new one if you have any additional questions.


closed #17
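
Added example (not part of the thread and not Twitter's code): a Python illustration of the two auth contexts discussed above, the app-only credentials of #12 and #14 and the per-user OAuth 1.0a signing of #2 and #5. The credentials, nonce and timestamp are constructed placeholders, and the statuses/filter URL is an assumption taken from Twitter's public v1.1 documentation.

```python
import base64, hashlib, hmac
from urllib.parse import quote

# Constructed placeholders, not real credentials. One app key/secret for the
# whole product; each authorizing user contributes a token/secret pair.
APP_KEY, APP_SECRET = "EXAMPLE_APP_KEY", "EXAMPLE_APP_SECRET"
FILTER_URL = "https://stream.twitter.com/1.1/statuses/filter.json"  # assumed URL

def pct(value):
    """RFC 3986 percent-encoding, as OAuth 1.0a requires."""
    return quote(str(value), safe="-._~")

def app_only_basic_header(api_key, api_secret):
    """App-only context: header for the client-credentials token request.
    The bearer token returned is then sent as 'Authorization: Bearer <token>'."""
    pair = f"{pct(api_key)}:{pct(api_secret)}".encode()
    return "Basic " + base64.b64encode(pair).decode()

def signature_base_string(method, url, params):
    """METHOD & encoded URL & encoded, sorted parameter string."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def user_context_header(method, url, query, api_key, api_secret,
                        token, token_secret, nonce, timestamp):
    """User context: OAuth 1.0a header signed with app secret AND user token secret."""
    oauth = {
        "oauth_consumer_key": api_key, "oauth_nonce": nonce,
        "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": timestamp,
        "oauth_token": token, "oauth_version": "1.0",
    }
    base = signature_base_string(method, url, {**query, **oauth})
    key = f"{pct(api_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    oauth["oauth_signature"] = base64.b64encode(digest).decode()
    return "OAuth " + ", ".join(f'{k}="{pct(v)}"' for k, v in sorted(oauth.items()))

def demo():
    """Same app, same search, two authorizing users: only the user tokens differ."""
    shared = dict(method="POST", url=FILTER_URL, query={"track": "intranet portal"},
                  api_key=APP_KEY, api_secret=APP_SECRET,
                  nonce="constructed-nonce", timestamp="1500000000")
    user_a = user_context_header(token="USER_A_TOKEN", token_secret="USER_A_SECRET", **shared)
    user_b = user_context_header(token="USER_B_TOKEN", token_secret="USER_B_SECRET", **shared)
    return user_a, user_b

if __name__ == "__main__":
    print(app_only_basic_header(APP_KEY, APP_SECRET), *demo(), sep="\n")
```

The app key and secret take part in both contexts, so every installed instance that signs requests itself has to hold them; only the user token pair varies per authorization.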