Is it possible for an application to issue a status update on behalf of a user?

iainraindesign · 2014-01-13T16:21:05.000Z

Just as the title says, given the correct authentication, it it possible for an application to issue a status update on behalf of a user?
If so, do you know what steps are required to achieve this?
Thanks

romainhuet · 2014-01-13T16:59:00.000Z

Hello Iain,

Yes. Once the user has logged in with your application on Twitter and gave it permissions to post Tweets, you can send a Tweet on their behalf using the following endpoint and their access token: https://dev.twitter.com/docs/api/1.1/post/statuses/update

Also, as a good practice for the user experience, please always make sure your users are expecting these Tweets to be posted on their account.

iainraindesign · 2014-01-14T13:04:58.000Z

Hi Romain,

Thanks for your reply. So far I have:

Obtained a request a token for the user with: https://twitter.com/oauth/request_token
Used the request token to obtain an access token with: https://twitter.com/oauth/access_token
Successfully used the access token to verify the user’s credentials with: https://api.twitter.com/1.1/account/verify_credentials.json

However, I then tried to issue a status update on behalf of the user using the access token with: https://api.twitter.com/1.1/statuses/update.json but this failed with status code 400 (Bad request).

Is this the expected way of issuing a status? Or am I doing something wrong?

Thanks,
Iain

iainraindesign · 2014-01-14T13:11:42.000Z

I should also add that when looking at the documentation for https://dev.twitter.com/docs/api/1.1/post/statuses/update it says that the authentication requires a user context, whereas it appears that the authentication that I am using is application-only. Are these two compatible, or is there something I need to do to obtain a user context first?

Thanks again,
Iain

episod · 2014-01-14T18:20:42.000Z

App-only auth provides only a context for your application. Users are the only entities capable of tweeting on Twitter, so you’ll need to use a form of auth that supports a user context. In the Twitter REST API, that means having to use OAuth 1.0A for your requests.

In almost all cases, all write actions (like tweeting, favoriting, following, etc.) are performed by users and you’ll need to use user-based auth for the function.

iainraindesign · 2014-01-15T10:01:13.000Z

Hello,

Thanks for your reply, but sorry, I still don’t understand this. I am already using OAuth 1.0a and I have basically just followed this…

"Want to read or post Twitter data on behalf of visitors to your website…"
https://dev.twitter.com/docs/auth/3-legged-authorization

…which seems to be exactly what I want to do. After re-reading this it appears that 3-legged auth does not come under application-only authentication and is actually user-based authentication anyway (presumably because it involves obtaining an access token from the user).

Given that my application is authorised by the user and that I have obtained an access token from the user, how then does the application post on behalf of the user as described in 3-Legged Auth where it says “Want to read or post Twitter data on behalf of visitors to your website…”?

Would it be possible to indicate which endoints I need to use?

Many thanks

episod · 2014-01-15T16:04:04.000Z

If you’re using that form of OAuth and have configured your application to be capable of read-write actions, then you can use [node:9703] to post on behalf of the user.

iainraindesign · 2014-01-20T18:03:52.000Z

I think I have now found the problem.

I’m using C# .NET to send the HTTP POST request to statuses/update but .NET does a strange thing with the request - it does not include the provided authentication header with the initial request and will only send it if the server responds with an authentication challenge 401 (Not authorized). However, Twitter appears to respond with what looks like an incorrect error code 400 (Bad request). Therefore .NET will not retry the request and send the authorisation header.

Bizarrely, it seems impossible (?) to force .NET to send the auth header in the initial request.

A couple of questions then:

Have you come across this before?
Do you know if there is a workaround?
Should Twitter not be returning a 401 instead of a 400 (which would probably fix the problem)?

Thanks

iainraindesign · 2014-02-06T14:15:53.000Z

Hello,

Is there anyone from Twitter that can help with this?

When sending a POST statuses/update.json using the standard C# HttpWebRequest library the post fails seemingly because Twitter appears to be sending an non-standard negotiate credentials response 400 instead of the standard 401 which is expected by the C# library.

Is there anything that can be done about this?

Thanks