You can try using both app auth and user auth together: it makes authenticating calls slightly more complicated but not that much.
At a minimum, you have the app “owner” - the developer account that owns the app automatically gets keys generated under “Keys & tokens”, so you have 180+450 calls every 15 minutes for
I’ve a hacky way for displaying tweets, if storing them is a restriction, it might be worth doing something like this:
Instead of looking up tweets to display from API, add
<blockquote> tags with permalinks to tweets into whatever page that’s displaying them like this:
<blockquote class="twitter-tweet"><a href="https://twitter.com/Interior/status/463440424141459456"></a></blockquote>
<blockquote class="twitter-tweet"><a href="https://twitter.com/guardian/status/1103716184959131648"></a></blockquote>
<blockquote class="twitter-tweet"><a href="https://twitter.com/guardian/status/1103715446388416512"></a></blockquote>
<blockquote class="twitter-tweet"><a href="https://twitter.com/i/status/1103715320198545409"></a></blockquote>
<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>
This way, if you know the tweet id you want, you never have to store any tweet content on your systems at all, and you don’t have to load it yourself through the API.
widgets.js will load the page and replace all the
<blockquote> tags with proper tweet embeds. (that example won’t work if viewing that html as a local html file but will work when loaded from a server, as twitter widgets won’t load in a browser with content security policy by default or something like that)
<blockquote> contains an
<a> with an
href with a tweet id (you don’t even need to get the user correct - like the last entry in that example),
widgets.js can render them in the browser just fine. To load those dynamically you might need to call it manually after creating the
Hope that helps!