How would I pull ~20 latest statuses from user_timeline with API 1.1 without Oauth?


So - I use to just do HTTP request and parse json:$name&count=$count&include_rts=1


With API 1.1 - it looks like I’d have to register an APP and use Oauth authentication… - right? IS there a way to get last 20 statuses without using Oauth?


You must use OAuth for all methods in API v1.1, including user timeline.


does this mean that I would have to create a fake APP just to be able to pull data from user timeline? And then if I wanted to roll out a website module for multiple sites where I would just be showing one or more tweets I could potentially run into a problem where my OAuth data is being used too many times?

Any good links to php curl implementation of the v1.1 user_timeline?


What a pain - I am in the exact situation as Neilakapete - we used the XML pages within a CMS, where the site owner can enter their screen name and it would pull their tweets onto the homepage. Now that’s not going to be so easy… without any benefit?



In the same boat here. I have an app that used the exact same command as the OP, albeit in XML instead of JSON, and parsed for the latest tweet with a regexp. No OAuth or anything else. App is written in PHP.

The docs aren’t exactly clear (at least to me) on what I need either.

The docs say user_timeline now needs a “user context”, which I take to mean “user needs to give permission, then my app works as if it were them” to make the fetch. The whole point of my app (a forum sigbar image generator) was to enter a feed name, including ones the users of my app don’t own and have the latest tweet shown on your image.

Is there a way to do this now? Does a user context need to be the user whose timeline I want (i.e. do I need ABC’s user context to read ABC’s public timeline, or can I use DEF’s context to read ABC’s public timeline)? Could this account make the requests for all users on my system?

I know I need to add the authentication code, but exactly what do I need?


The app would not be “fake” – the app exists, the app is your website. The app record you create to get an API key with Twitter represents your application, your website. works well with API v1 and v1.1 and OAuth.


We make single-user use cases easy around here. See [node:124] for some overview information. When you create an application on you can also generate an access token that represents your account’s relationship with your application – without having to go through the web-based OAuth flow to negotiate it.

You can then skip all those steps around acquiring request tokens and access tokens and jump right to the point where you use the combination of your API keys & secrets and the access token & secret to make signed requests to Twitter on your own behalf.

Once you have the four pieces of information you need, you can plug them easily into code such as this from tmhOAuth:

require '../tmhOAuth.php'; require '../tmhUtilities.php'; $tmhOAuth = new tmhOAuth(array( 'consumer_key' => 'YOUR_CONSUMER_KEY', 'consumer_secret' => 'YOUR_CONSUMER_SECRET', 'user_token' => 'A_USER_TOKEN', 'user_secret' => 'A_USER_SECRET', ));

$code = $tmhOAuth->request(‘GET’, $tmhOAuth->url(‘1.1/statuses/user_timeline’), array(
‘screen_name’ => ‘SBTDev’));
$response = $tmhOAuth->response;


Thanks for that link to the single user oAuth page and the code. That’s almost exactly what I was looking for.

I’ll try it out later today when I get the chance to look at my program. :slight_smile:


But if I am generically making this a module available to many people who use my CMS then it would be from their website not mine?


You’re telling me if I want to retrieve the latest tweet for each of a handful of users, I need to a create a twitter application and hard code a single user account’s token and secret to sign every request?

Why would you force authentication to retrieve publicly available data?

What about static sites without a backend? Are they now forced to use Twitter’s embedded timeline? And the Twitter Search API will be behind authentication? And the 1.1 documentation isn’t even complete yet? And the “userless” application-only authentication may or may not be available in a few weeks? What? Why?


I wondered the same thing. Public info shouldn’t need authentication IMO.

Anyway, the code that @episod posted above works perfectly. After that, just modify line 10 to make the appropriate request.

It really only needs a single user token (your account’s token from the bottom of the application page) to fetch all of your users’ timelines.


In that case, you would ask those users to register an application and enter their keys when configuring their module. Or accept the responsibility of distributing your API keys with the module, which is discouraged but not outright prohibited by our TOS.


I’m lost in translation a bit here.

The array that $response = $tmhOAuth->response; returns, what part of that is my actual status?

What do I need aside from those two PHP files, configured correctly, to echo or print the latest status from my timeline? Many thanks.


It’s just crazy to make it server-side with Oauth for PUBLIC timeline.

All sites on github with remove their twetter features, and probably many others not have the time to implement your changes.

So this will be the end of on-site implementation, until some services to do it instead of you.


“We make single-user use cases easy around here…
…Once you have the four pieces of information you need…”

I’m a web designer and developer, and I’m not able to update the code on some of my previous web projects.

user_timeline.json is a very useful feature to generate very simple embedded timelines, able to be styled via CSS, but continued updates to the twitter API keep “breaking” it. Why is this not clearly explained in the Documentation? I had to do some creative google searching to even find out how to update it to work with the 1.0 API. What happened to “future-proof” coding practices?

I really don’t want to be forced to register an App for each website I build, or distribute my personal authorization code to others. Please elaborate as to how this would be easily configured for multiple projects.

Apologies for hijacking this thread, but it is very relevant to my questions, and it seems as a few others here are asking the same thing.

“Why would you force authentication to retrieve publicly available data?”


I was thinking the exact same thing.
I don’t know how many times I visited the page for the public timeline method and thought “Authentication to get a public timeline? This can’t be right?”

If it’s just for rate limiting, why not just use IPs?


Its truly and honestly not right to have to authenticate to retrieve publicly available data.




Guys, read this - great article on this subject and explains the way to Auth via Php while still being able to run jQuery


This is absolutely outrageous to use authentication to get tweets…with that said I used this with PHP and it worked. My question here is, how do I translate this into Java?