Why are end-users not held to the same standard as API usage?



So, after spending a good 2 weeks of back & forth with the automated email responses for trying to get an developer app un-restricted (via Restricted to API read access only), I’ve reached a point where I’ve just lost any hope that Twitter support cares much actual use cases for their APIs. The issue I’ve been running into has been related to the following rule listed on the official Twitter Rules page:

Spam : You may not use the Twitter service for the purpose of spamming anyone. What constitutes “spamming” will evolve as we respond to new tricks and tactics by spammers. Some of the factors that we take into account when determining what conduct is considered to be spamming are:

  • if you send large numbers of unsolicited replies or mentions;
  • if you send large numbers of duplicate replies or mentions;

So, the idea makes sense; don’t @mention a bunch of users who don’t want to be tagged. However, this isn’t actually enforced at all. To give an example, in the world of game streaming websites (Twitch, YouTube, Mixer, etc), it’s very common for a user to @mention several accounts in their tweet when they start to stream. Some of these accounts can include the streaming site, automated retweet accounts, stream groups, and even the game companies of the games they’re playing. Here’s an example of one such:

Now, based on those above rules, this would considered a spam tweet, so it should be deleted or the user should be warned in some way. However, that never once happens in any automated fashion. But, if a user were to send this exact same tweet via the developer API, that would be considered spam because it falls under the “automation” bucket. This is the case whether tool that uses the API creates & sends the tweet on its own OR if the user types in the entire tweet message and hits a button to send it.

In the former case, I can see how that would be a concern, you don’t want an app to go around with a user’s account and do stuff without their permission. However, in the later case, if the user is explicitly typing the message & setting up when they want it sent, how is that any different than a user going on to the website or their phone and doing the same thing? Why is one treated as “malicious” while the other is just ignored?

It’s very frustrating when you want to give an experience to end users to let them do things with your service, but they can’t even do the same things they could do if they were just doing it themselves. So why is it that these rules aren’t enforced to the same level with end-users directly? Why aren’t users receiving warning emails or usage time outs from doing things that Twitter states you can’t do?


@SaviorXTanren is accurately describing this very serious problem.

We are a customer service platform, and:

  1. We have had to restrict our users from @mentioning more than 1 user in a tweet.
  2. We have also had to restrict users from sending more than 1 response to a tweet.

Rule 1+2 above makes it impossible to offer high quality customer service via the Twitter API.

But, if a user uses Twitter.com or Hootsuite.com, none of these rules apply.
It is very unclear why we are told to apply these extreme restrictions?

We have now for over a month tried to get answers on this. Unfortunately, no one at Twitter is answering us - not via email and not in this forum. All we want to do is play by the rules, build a great app and let our customers use Twitter in a responsible way. Please, please Twitter staff. Answer us what we should do.

@SaviorXTanren has written an excellent question above. Please don’t leave his question unanswered. Instead, clarify this - and help his team (and my team) build something great together with you at Twitter :slight_smile:


Thank you both for asking.

The answer here is that both app developer, and users on the platform, are required to follow the Twitter Rules (and in the case of developers, also the Twitter Developer Policy And Agreement, incorporating the Automation Rules and Restricted Use Cases). Large numbers of unsolicited @mentions, duplicative content, etc are all against the rules, and enforcement action may be taken.

If you have particular concerns that apps are not following the policy, you’re welcome to use the API Policy Support form https://help.twitter.com/forms/platform to raise these to our team for review.

As we’ve stated in several threads on the forums in the past, unfortunately our team is unable to comment on individual cases, or indeed individual users or accounts - this would be inappropriate on a public forum and it would not align with our privacy policies.

Thank you for your efforts to enhance the Twitter experience for users and brands alike; we would again refer you to the Developer Policy and Agreement and associated documentation.


@andypiper To be kinda of frank, that wasn’t really much of an answer to the question. You restated the point that these things are against the rules and enforcement action “may” be taken, but why is there a large difference of enforcement between app developers & direct users? This isn’t a scenario of individual cases, this appears to be a general policy.

Obviously Twitter has some of metrics & logging on developer API usage, which makes perfect sense. That would be the only way for these automated read-only access restrictions to kick in to place. However, why isn’t this same logic applied to tweets fired out by users? You can say it’s on case-by-case basis, but statistically speaking, it’s very obvious that it’s not being done at all from the number of tweets I see from the same people on a day-to-day basis that violate these policies.

If the honest answer is just “We enforce it on developer APIs, but not so much on users”, I can accept that answer. I don’t like it and I think it’s more harmful to the Twitter ecosystem to have this dual-policy enforcement setup, but at least it’s an answer. Right now, it’s more just a black box that doesn’t seem to have much rhyme or reason to it.


I restated the rules around this, yes.

I am sorry if my answer does not authoritatively handle every use case (developer/user) you have in mind, and I can see why you would feel that was the case.

Can I outright describe every algorithm affecting apps or users posting content on the platform, right now? Nope. This remains, and has to remain, a moving target. As a developer (and as a user of the platform) this is annoying and inconsistent but if I wrote down a 3 point formula today, it would be republished tomorrow, and 17 bad folks would start to try to find ways around it. Is that crap? Yup.

We can assure you - potentially, in spite of perceptions - that users with accounts that spam, and apps that enable accounts to spam, are enforced against.

closed #7