Required to send a request to api@twitter.com in using xAuth?


#1

I am using PIN-code out-of-band flow for my desktop application and now I wanted to use xAuth instead of PIN-code out-of-band flow. I just want to ask if it’s required to send a request to api@twitter.com for me to be able to use xAuth?
What will be the changes that I should do in my application in shifting from PIN-code out-of-band flow to xAuth?


#2

Yes, it’s required to ask for permission from the API policy team through api@twitter.com – include as many details about how Twitter is used in your application and why xAuth is the best solution for you. Include links to screen shots of Twitter functionality within your application.

To prepare for xAuth, consider the OAuth sequence you’ve developed:

  1. Request a request token on oauth/request_token
  2. Send the user to oauth/authorize with the request token
  3. Receive PIN from user
  4. Exchange request token for access token using PIN on oauth/access_token
  5. Use access token for requests to the API

The xAuth sequence is simplified to:

  1. Request access token using username and password from oauth/access_token
  2. Use access token for requests to the API