I’m trying to find a method for validating that a request actually comes from the Twitterbot, since it’s trivial for someone to change their user agent to be “Twitterbot/1.0”. Google and Bing ask you to do a reverse DNS lookup to check, Facebook has a whitelist which is updated often, but I can’t find anything for Twitter.
I found someone asking this same question in the forum, but it was over two years ago, so I don’t trust the source to be up-to-date or reliable.
Is there an official whitelist, or other verification method for Twitterbot?
