Widget without server-side code? Widget on intranet site? Whose token to use?


I’m hopeful that someone will be able to point me in the right direction.

I’m a developer who has various clients who have API 1.0 feeds on their websites/corporate intranets. I need to somehow convert these to use the API 1.1.

The Twitter Widget ( https://twitter.com/settings/widgets/new ) doesn’t meet the client requirements. I’m being asked to reduce the width significantly (to 200px), I’ve been asked to remove the scroll. I’ve been asked to limit the number of tweets returned to 3. As this widget is hosted by Twitter (I assume?), and pulled via an iframe, I have limited control over its styling, so can’t see a way I can meet the customer requirements.

As such I feel I need to develop my own widget. Unfortunately, the clients have stipulated that I can’t use any server-side code on their environment. I’m led to believe that if I use client-side code, my token details will be available to anyone who views the source of the page (see: http://140dev.com/download/javascript_ebook.pdf ). Is this correct? If so, how can I build my own widget without server-side code and without introducing a security risk?

To compound this issue, I need to get this widget to work on a corporate intranet - obviously the DNS for this environment isn’t public, so I can’t seem to register it with Twitter. Is it now the case that I can’t get feeds to work on corporate intranets (unless I use the Twitter hosted widgets)?

Finally, and this might seem like a silly question, but whose token am I meant to use? Am I meant to ask the client for the token details of their own corporate Twitter feed (which means the customer will need to trust me a heck of a lot!)? Or am I meant to run all of my different customers under my own Twitter account’s token? (If so, are my clients going to share the hourly limits? Also, what happens if I leave my current job - would I need to get somebody else to sign up for a Twitter token on behalf of my former clients?)

At the moment, I feel I’m going to have to tell the clients that we will need to remove Twitter from their corporate intranets. This can’t be right, can it?

Any answers are more than welcome,


Rob Bath