Need a Developer Account for third Twitter account used by our Academic campuses via REST API


#1

Hello Twitter,
Here at Texas A&M University, we have several campuses across the state of Texas, USA. Three of our campuses share an emergency notification system for campus emergencies. We have a separate twitter account for each campus. The accounts are used solely to send tweets during emergencies with a separate Twitter app for each campus using the REST APIs. We’ve obtained Developer account approvals for two of the three campus twitter accounts. The third Twitter account was denied a Developer account.
How can we resubmit a Developer Account application for the third Twitter account?

Thank you.


#2

I guess someone from twitter staff will chime in, but from what i know - it sounds like you should have 1 single application for these emergency alerts, and 3 separate accounts that use it - eg: Your Admin account may own the app and have 1 developer account, and each campus authenticates using the same app, and the app would use separate access tokens for each account to tweets alerts.

Since it’s emergency alerts, i’m also wondering if it’s possible to get something like https://twitter.com/SYFR - there’s a special alert box like:

" In times of crisis, this account helps share critical information with Twitter Alerts. Be prepared https://twitter.com/SYFR/alerts "

with a link to alerts for the account.

That looks like what you ideally need - but again, only someone from Twitter can point you towards how to get that, bit more on it here: https://help.twitter.com/en/managing-your-account/how-to-use-twitter-alerts


#4

Hi @TAMUCMAdmin. All of our developer applications are reviewed to ensure compliance with Twitter policy. While we can’t comment on specific cases, applications may be rejected if they are found to be in violation of any section of the Developer Agreement and Policy, Automation Rules, Display Requirements, and/or the Twitter Rules.

There currently isn’t a way to edit a rejected application, or to re-apply, however stay informed for product updates/changes.

Might I suggest using an organization account in the future, and inviting team members/users to join, so all of the campus accounts fall under a single organization umbrella? If you do it this way, you’d only need to apply for one developer account.

If you need to post to each account from a single app, you can do this by setting up 3-legged-OAuth to post on behalf of the user.

Let me know if you have any further questions.


#5

Hello Twitter Staff. Thank you very much for your previous response and recommendations. We do have a few questions that you can help us with:

  1. We submitted a Developer Account application for each of the University’s emergency alerting Twitter accounts. All but one of our applications were accepted; one was denied. Each of our applications contained the same basic use case and behavior description. Each of our Twitter accounts is used to tweet emergency alert messages for a different campus of the university. Each campus is located in a different geographic region of the State of Texas. Those wanting to receive the tweeted messages about a specific campus simply follow the Twitter account associated with that campus. Each Twitter account displays only the alert messages for that campus and helps ensure the followers receive the important information only for that campus. Since each developer account has the same basic use case and behavior description and the associated Twitter accounts server to inform a different set of followers, we do not understand why one of our four developer applications would be denied. Is there anything you can tell us that will help us understand why the application was denied?

  2. Currently, we can manage the existing app for each of our Twitter accounts. And we understand that Twitter will eventually require we have a developer account in order to manage existing apps for each Twitter account. Can you provide any information for how we re-apply for the one account that Twitter denied?

  3. Your recommendation to use an Organizational Account in the future for all of of our API apps is interesting. Can you provide links to documentation that describes how we could use the Organizational account in that way? Again, having the tweets from a distinct campus available for followers is critically important to us, we don’t want tweets from multiple campuses appearing in one feed to all followers.

Thank you for helping us with these concerns for our Twitter followers.


#6

The “one account approved, rest denied” thing makes sense from the point of view that 1 application should be registered for “a single purpose”: Policy clarification - multiple applications for the same use case

The new developer dashboard can now manage old apps (ones you previously registered on apps.twitter.com) https://developer.twitter.com/en/apps so it shouldn’t be a problem.

For 3. This is generally how it could work:

Lets say @TAMUCMAdmin is a twitter account you operate, and is an approved developer account. You then either register a new app called “Alert System”, or use an existing one that works, and use the Consumer Key & Secret of the app to “authenticate” each of your campus accounts, eg: @Campus1Alerts, @Campus2Alerts, @Campus3Alerts @CampusAlertsDevTesting etc…

You can use something like https://github.com/twitter/twurl to do the OAuth thing manually once for each account, the tokens are long lived and won’t expire unless you reset them. (It does it this way if i remember correctly: https://developer.twitter.com/en/docs/basics/authentication/overview/pin-based-oauth )

Now to tweet alerts for separate campuses, each account now has the same Consumer Key & secret, but their own unique Access Token & Secret. Everything else in your system should be exactly as before - except now you only use 1 main application key instead of separate ones for each campus.

Also, it doesn’t really matter which account owns the app, what matters is the combination of Consumer key & secret and Access token & secret - so @Campus1Alerts could be the actual Application “owner” but the other accounts will still have their own access tokens and tweet separately just fine.

Hope that helps!


#7

I couldn’t have said it better myself. Thank you @IgorBrigadir !

@TAMUCMAdmin - Please let me know if you have any additional questions.


#8

Thank you @IgorBrigadir for the explanation. We understand that we should be able to use one Twitter app (created in this Developer account) to be able to tweet to any one of our campus Twitter accounts for our use case. I understand that the Twitter app will have its one Consumer Key and Consumer Secret, but that there will need to be unique Access Token and Access Secret keys for each Twitter account receiving tweets through the app.
I have three questions:

  1. Only one set of Consumer and Access tokens can be managed for the app from within the developer account. We assume these tokens will work for tweeting only to the one Twitter account already associated with the Developer account. Any other Twitter accounts we want to send tweets to with the app must be assigned their own Access Tokens which we create using twurl (or other external method). Are these tokens created by twurl visible in the Developer account interface or do we have to manage them separately?
  2. If we create a set of tokens with twurl, do we need to delete these tokens when we create another set to replace them?
  3. How many different sets of Access Tokens can we create for one Twitter app in the developer account (or, how many Twitter accounts can we send individualized tweets to using one Twitter app)?

Thank you again for your assistance.


#9

Not exactly - unless you mean “Creating Tweet Alerts” by “receiving tweets through the app”. Tokens are only needed for posting tweets.

Ordinary users and those wishing to follow your alerts just need to follow one of your accounts - like TAMUCodeMaroon or TAMUCM_LAW (i’m assuming those are the ones you mean)

When telling people to follow these accounts - i’d also suggest strongly encouraging people to “Turn on mobile notifications for this account” - that option appears after you follow an account in the ... burger menu on web or as a Bell icon in the App - people might miss it, or not realise it’s there. This will mean that their twitter app will very likely generate a phone notification (not SMS) any time the emergency account tweets (but you can’t 100% guarantee these app notifications).

  1. Only the “Owner” account’s Access Token is visible in the Developer Pages - As for other Authenticated accounts, you are right - no, they are not visible and these should be kept separately and managed by you somehow.

  2. Nope - It doesn’t matter how those tokens are generated, with Twurl or something else - they don’t expire. To properly invalidate / reset tokens you can log in using the account on twitter, and go to https://twitter.com/settings/sessions and remove the application there. Or if it’s the application owner, also in the developer App page under Keys & Tokens, or using a call to https://developer.twitter.com/en/docs/basics/authentication/api-reference/invalidate_access_token after invalidating the newly created token will be different

  3. The limit for the number of accounts you can Authorize to one application is something like 100,000 last time i checked. But these are just for the accounts that will be tweeting alerts, anyone wishing to receive alerts isn’t limited in any way.

Oh, and as for using twurl, i just noticed that it doesn’t actually output the Access tokens after successfully authorizing, it stores them in a .twurlrc file - so they can be found there.

The whole process should be down to Log in to twitter web as TAMUCodeMaroon, run twurl authorize --consumer-key ... --consumer-secret ..., open the webpage, enter the PIN from there in twurl, open .twurlrc (should be in home directory) to save the tokens, log in as a different twitter user TAMUCM_LAW, run twurl again, etc… Don’t know how many accounts you need to do this for but it shouldn’t take that long.

Incidentally, while logging in to those accounts to authorize, that would be a good time to make sure other settings are enabled like passwords / security, unnecessary apps are not enabled on those emergency accounts, the emails and phone numbers in settings are valid, descriptions link to the site and other stuff like that. Hope that helps!


#10

@IgorBrigadir, Yes, you’ve been very helpful. I know that Twitter recently moved all older existing Twitter apps to their Developer Account environment, even if the Twitter account has no developer acct. yet. Do you know when they might also block developers from being able to manage those older apps (generate new tokens, etc.)?


#11

Yeah that’s this announcement Beginning today: developer.twitter.com will replace apps.twitter.com for all app management You won’t be blocked any time soon!

If you’ve got apps registered under different accounts that aren’t your developer account, it’s a good idea to transfer them to your approved Developer account (an approved developer account can have up to 10 apps before you have to request more) you want the “I need to transfer an API key to another account” https://help.twitter.com/forms/platform option.


#12

Thank you @IgorBrigadir. Looks like it’s time to start testing/implementing use of one Twitter app with multiple sets of tokens, etc.


#13

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.