Twitter's Search API and user/application authentication - can anyone clarify my concerns?


Hi folks,

I am using Twitter’s Search API in my app (built in Ruby on Rails) and, given the recent changes to the overall Twitter API, I am making changes to comply with the various regulations and requirements.

However, I am slightly confused by the difference between application authentication and user authentication, so I’d like a little clarification.

To explain further, my app allows the user to search (public) tweets using keywords suggested by the user. This is the only relationship it has with Twitter - i.e. there is no functionality to post tweets via my app at all - however, I am using Twitter’s own Web Intents ( to allow users to retweet/favorite tweets from the search through Twitter itself, and also to adhere to the display requirements.

I have registered my app at, so my app has its own consumer key and consumer secret key, and is also set at read-only. Therefore, as far as I understand, my app is authenticated, and subject to the Search API rate limit.

However, should users also be signing into my app to make use of this functionality? In other words, should this feature only be offered to those with a Twitter account, who would need to sign in to my app in order to use the search functionality? Or is this extra layer of interactivity covered by the use of Web Intents?

Any clarification would be most helpful.



Hi Graeme,

Good questions. For now, there’s no form of “application-only” authentication in the 1.1 Search API, so if you want to get started thinking about this, you can turn your head to the side a little bit and consider that you can leverage a dedicated access token (perhaps belonging to an account that “owns” the application) for end-users who do not have a Twitter account associated with their usage of your service. You’ll be limited to 180 queries per every 15 minutes on behalf of all of those users.

The only way you’re going to be able to scale your usage of the API over time is to require that your end-users authenticate via OAuth. Then you’ll directly use their access token while performing searches on their behalf at 180 requests per 15 minutes per user. My recommendation to you would be to offer some light “unauthenticated” functionality but require that the user authorizes your application to do any serious searching – this advice would be the same even if the “userless” form of search were present today, as the queries you could issue would still be limited for unauthenticated access.

Hope this helps to clarify!
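Added example (not part of the thread and not Twitter's code): a sketch of the split described in the reply above, where visitors without an authorized account share the app owner's access token and authorized users spend their own 180-per-15-minute budget. The class name, method names and the locally tracked fixed window are assumptions made for illustration.

```ruby
# Hypothetical helper: picks the access token for a search and enforces a
# local per-token budget. Assumes a fixed window that opens at the first
# request made with a token; the API's own window boundaries may differ.
class SearchBudget
  LIMIT  = 180       # queries per window per access token
  WINDOW = 15 * 60   # window length in seconds

  def initialize(shared_token:, clock: -> { Time.now.to_i })
    @shared_token = shared_token # token of the account that "owns" the app
    @clock = clock
    @slots = Hash.new { |h, token| h[token] = { opened: nil, used: 0 } }
  end

  # user_token is nil for visitors who have not authorized the app.
  # Returns the token to query with, or nil when its budget is spent.
  def acquire(user_token = nil)
    token = user_token || @shared_token
    slot = current_slot(token)
    return nil if slot[:used] >= LIMIT

    slot[:used] += 1
    token
  end

  # Queries left in the current window for the token that would be used.
  def remaining(user_token = nil)
    LIMIT - current_slot(user_token || @shared_token)[:used]
  end

  private

  # Reset the counter once the window for this token has elapsed.
  def current_slot(token)
    slot = @slots[token]
    now = @clock.call
    if slot[:opened].nil? || now - slot[:opened] >= WINDOW
      slot[:opened] = now
      slot[:used] = 0
    end
    slot
  end
end
```

A `nil` return is the point at which the app would ask an anonymous visitor to authorize via OAuth instead of sending another query on the shared token.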


Thanks Taylor, this is really helpful.

I was actually thinking of splitting up the functionality in my app between “simple” (for non-Twitter users) and “advanced” (for Twitter account) users anyway, so your response has answered a few questions I hadn’t thought of :)

To clarify, though - I have registered my application (which has its own Twitter account) on, so I have consumer & consumer secret keys (which I have essentially used as global variables in my app); are these the same as the “dedicated access token” you mention, or do I need to register separately for this (either now, or when the time comes)?

Thanks again!


What is the timeline for application authentication? If I recall correctly you are removing the 1.0 API in March this year - my application needs only application authentication as it simply takes tweets from Twitter and displays them in a Wordpress blog ( and whilst I’m happy for each user of the widget to get a new key I don’t want end users to have to login just to view a section of the site owner’s website (it will look dodgy to the user and will put them off).

If you are scrapping 1.0 in March then you absolutely need to get application authentication working NOW so that people can start implementing it! Or put back the date for removing 1.0!


I agree with Stephen. I’ve done auth via Facebook, Google and Amazon (sort of) before… all relatively straightforward. Twitter Oauth is an unholy nightmare (“take these parameters, put them in alphabetical order, percent encode them, concatenate them, percent encode them again, stand on one foot, stick out your tongue…”) which essentially makes developers dependent on 3rd-party libraries which may or may not be efficient, secure and maintained in the future.

For me, that Twitter hasn’t provided Java, Python, & Ruby libraries for this itself is cause enough to push back the 1.0 turnoff.
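Added example (not part of the thread, and not Twitter's or any library's code): the signing steps the post above lists, written out following the OAuth 1.0a HMAC-SHA1 rules of RFC 5849, so a third-party library's output can be checked against them. The host, keys, nonce and timestamp are constructed placeholders, and the function names are hypothetical.

```ruby
require "openssl"

# RFC 3986 encoding as OAuth 1.0a requires it: only A-Z a-z 0-9 - . _ ~ stay
# literal; every other byte becomes %XX with upper-case hex.
def pct(value)
  value.to_s.b.gsub(/[^A-Za-z0-9\-._~]/) { |c| format("%%%02X", c.ord) }
end

# METHOD & encoded base URL & encoded parameter string. `url` is the request
# URL without its query string; `params` holds the query/form parameters and
# the oauth_* parameters (except oauth_signature).
def signature_base_string(method, url, params)
  normalized = params.map { |k, v| [pct(k), pct(v)] }.sort
                     .map { |k, v| "#{k}=#{v}" }.join("&")
  [method.to_s.upcase, pct(url), pct(normalized)].join("&")
end

# HMAC-SHA1 keyed with "consumer_secret&token_secret", Base64 without newlines.
def sign(method, url, params, consumer_secret, token_secret = "")
  key = "#{pct(consumer_secret)}&#{pct(token_secret)}"
  mac = OpenSSL::HMAC.digest(OpenSSL::Digest.new("SHA1"), key,
                             signature_base_string(method, url, params))
  [mac].pack("m0")
end

# Authorization header carrying only the oauth_* parameters plus the signature.
def authorization_header(oauth_params, signature)
  fields = oauth_params.merge("oauth_signature" => signature).sort
  "OAuth " + fields.map { |k, v| %(#{pct(k)}="#{pct(v)}") }.join(", ")
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values; none of them is a real credential or endpoint.
  url   = "https://api.example.com/1.1/search/tweets.json"
  oauth = {
    "oauth_consumer_key" => "ck-constructed", "oauth_nonce" => "n0nce",
    "oauth_signature_method" => "HMAC-SHA1", "oauth_timestamp" => "1350000000",
    "oauth_token" => "tok-constructed", "oauth_version" => "1.0"
  }
  query = { "q" => "rails security", "count" => "10" }
  sig = sign("GET", url, oauth.merge(query), "cs-constructed", "ts-constructed")
  puts signature_base_string("GET", url, oauth.merge(query))
  puts authorization_header(oauth, sig)
end
```

The "percent encode them again" step is the second `pct` call in `signature_base_string`: a space in a query value ends up as `%2520` in the base string, and a library that emits `+` or `%20` there will produce a signature the server rejects.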


I created a Twitter app which allows users to change their backgrounds, but the main problem I am facing is that it can change the background of only my profile. Do you have any idea about this? Help me please.


Hi Abdul,

I have sent you an E-mail. Please read and let me know your answers so that I can (try to) help.


Thanks for your reply. I created this app in PHP. If you have an email ID or Skype, I would like to contact you with more details.


Hi Abdul,

Please message me through Twitter and I can give you my Skype ID on there as I’d rather not give anything away on here.



Is there any way by which I can get the access token without the pin no.?


Hi Naresh,

Not sure what you mean about a “pin no” - to get the token you need to provide a Consumer Key and Secret key, see here for more information:



Hope you are doing great!
Can anybody tell me how I can use the Twitter Search API on my website? I need to display any user's tweets: when I enter the name into a textbox, it should show the latest tweets in JSON format.

I am using,twitter&include_entities=true

but it shows me
{"errors":[{"message":"The Twitter REST API v1 is no longer active. Please migrate to API v1.1.","code":64}]}

Please let me know how this is possible.




API version 1 is deprecated, you shouldn’t use it anymore. Please look at the following link for updated information:

Also, I suggest you use an updated library for doing these requests, check here: