Rate limits - how to generate user tokens in an automated way?



Hi … This question is related to the use of your APIs and especially the rate limits.
We would like to embed the “GET search/tweets” in an end user application. We have read about the rate limits (user auth or app auth).
The idea is to have this application launching the requests on behalf of a user, identified in the application by his credentials.
It is not clear to us if this is possible and how to generate the users' tokens in a transparent way from the application, in order to consume the user rate limit? Regards


Users will have to authorize your application first - so your application will have to support one of the ways to obtain a token: https://dev.twitter.com/oauth/overview

You can then issue requests with your Application keys & a user’s token - with each user having their own rate limit.


Hi Igor; thanks for your feedback; much appreciated.
After reading the documentation, we think that the only way to achieve our goal is to use the 3-legged authorization.
That said, we have seen in the documentation that "The user will ALWAYS be prompted to authorize access to your application, even if access was previously granted."
We don’t understand that …
Despite the valid token, that means that each call to the API on behalf of the user will prompt the user (a popup ?) in order to allow the access …
Can you please clarify and maybe suggest another way to achieve our goals ?
Best regards and thanks again for your kind help


Depends on what your app is, but I found the PIN-based approach is fine for most cases: https://dev.twitter.com/oauth/pin-based - the twurl app does this: https://github.com/twitter/twurl

If it’s a web app - then “Sign In With Twitter” would get you what you need https://dev.twitter.com/web/sign-in/implementing


Hi Igor and thanks for your feedback.

I realize that I haven’t given you any indication about the app we are developing.
We are working on some sort of a meta search engine, that is able to launch requests (search requests) against many “data sources”. Basically, the user types a keyword and the application (Webskan) will launch a search request to Google, Yahoo, … and we would like to add Twitter as a datasource.

The app itself is a browser plugin; the front end is developed using JavaScript and the backend is a cloud server (Linux / MongoDb). Currently, the plugin is in beta test on Mozilla Firefox, Opera and Google Chrome.
In order to address the integration with Twitter, our idea is the following :
a) the user of the plugin has an account (mail / password) in order to connect to our app,
b) he can select in his settings the “datasources” he would like to address; the first time he selects Twitter, we will run a process (3-legged authorization) in order to generate a token and will store the token along with his profile on the server.
c) each time the user launches a search request against the different datasources (incl. Twitter), we will launch the search request against Twitter using the token.

This process needs of course to be as transparent as possible; that’s the reason why we are surprised by what is written in the documentation : “The user will ALWAYS be prompted to authorize access to your application, even…”.
That would mean that each time the user will launch a request where twitter is part of the datasources then he would be prompted by Twitter in order to acknowledge the access to his twitter account, despite the fact that the token is valid.

Maybe we are misinterpreting the documentation ?

Please help …
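
Step c) above, together with the earlier reply about issuing requests with the application keys plus a user's token, as an added example that is not part of the original thread: an OAuth 1.0a HMAC-SHA1 signer for GET search/tweets, meant to run on the backend so that neither the application secret nor the stored token secrets reach the browser plugin. The function names are hypothetical, the credentials are constructed placeholders, and the v1.1 endpoint URL is an assumption.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote

# Assumed endpoint for "GET search/tweets" (not stated in the thread)
SEARCH_URL = "https://api.twitter.com/1.1/search/tweets.json"

def pct(value):
    # OAuth 1.0a percent-encoding: only RFC 3986 unreserved characters stay literal
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    # Encode every key and value, sort the pairs, join them, then encode the three parts
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign_request(method, url, query, app, user, nonce=None, timestamp=None):
    """Build the Authorization header for one request made on a user's behalf."""
    oauth = {
        "oauth_consumer_key": app["key"],
        "oauth_token": user["token"],  # ties the call to this user's rate limit
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_version": "1.0",
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_timestamp": str(timestamp or int(time.time())),
    }
    # The signing key combines the application secret with this user's token secret
    key = f"{pct(app['secret'])}&{pct(user['secret'])}".encode()
    message = base_string(method, url, {**query, **oauth}).encode()
    digest = hmac.new(key, message, hashlib.sha1).digest()
    oauth["oauth_signature"] = base64.b64encode(digest).decode()
    fields = ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(oauth.items()))
    return "OAuth " + fields

# Constructed placeholder credentials; real values come from the app registration
# and from the one-time 3-legged authorization of each user.
APP = {"key": "APP_KEY_PLACEHOLDER", "secret": "APP_SECRET_PLACEHOLDER"}
ALICE = {"token": "ALICE_TOKEN_PLACEHOLDER", "secret": "ALICE_SECRET_PLACEHOLDER"}
BOB = {"token": "BOB_TOKEN_PLACEHOLDER", "secret": "BOB_SECRET_PLACEHOLDER"}

if __name__ == "__main__":
    for user in (ALICE, BOB):
        print(sign_request("GET", SEARCH_URL, {"q": "webskan"}, APP, user))
```

Because each stored token/secret pair can sign requests as that user until it is revoked, the server-side profile store holding them needs the same protection as a password database.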