Twitter's API Authentication

by javier (modified: 2017 Apr 21)

Twitter's API Authentication (Part 1)

There are two forms of authentication, both leveraging OAuth version 1.0A.

Application-only authentication is an example of Sign in with Twitter: it redirects a user to Twitter's site, where they sign in with their credentials, and then returns them to our site. User authentication is required for many user-specific API calls.

So, every time we access the Twitter API on behalf of a user, our user will be redirected to Twitter to authorize our application. Twitter will return tokens which do not expire until the user revokes them. We’ll use these tokens to authenticate our calls on behalf of this user.

Verifying Credentials

As we have learned, every request sent to Twitter's API must be authorized. To learn more about how to authorize a request, read: Authorizing requests. So we first need to get an OAuth access token on behalf of a Twitter user (or you could issue an Application-only authenticated request when user context is not required). There are different ways to get such a token, and the right one depends on your use case. For our examples, we will use the option Just want to access the API from your own account...

The endpoint to verify credentials is

Returns an HTTP 200 OK response code and a representation of the requesting user if authentication was successful; returns a 401 status code and an error message if not. Use this method to test if supplied user credentials are valid.

Register an application

We will need to register a new application with Twitter. Go to, fill in the form, and don't worry about the URLs, since we won't be using the OAuth callback mechanism.

The first time you create a Twitter App, the application permissions will be Read-only. That is fine for now; we will need to change it at the end of the tutorial. To check the permissions, click the Permissions tab in your app. You will see something like this

As you can see, we will need to regenerate our access token when we change the permissions.

To obtain a consumer key (identifies your app), go to the 'Keys and Access Token' tab; you will be able to get the keys from the Application Settings section.

By default, the access token (identifies a user of your app, in this case you) is not generated, as shown in the previous image; you first need to click on create my access token to get it.

Using OAuth to verify the credentials

The goal of this example is to show you how to use EiffelWeb with OAuth to verify your credentials with Twitter API. The code is here: APPLICATION.e

First, copy the consumer keys and access tokens:

    feature {NONE} -- Consumers Key

        api_key: STRING = ""
                -- Consumer key
                --| The consumer key identifies the application making the request.

        api_secret: STRING = ""
                -- Consumer secret

    feature {NONE} -- Access Key

        access_key: STRING = ""
                -- The access token identifies the user making the request.

        access_secret: STRING = ""
                -- Secret token

In our feature make, we first initialize our OAuth service api_service with an instance of OAUTH_10_TWITTER_API, using the consumer keys:

    -- Initialization
    create api_builder
    create signature.make
    signature.mark_query_string

    -- Create the Twitter oauth service with the consumers key
    api_service := api_builder.with_api (create {OAUTH_10_TWITTER_API}).with_api_key (api_key).with_api_secret (api_secret).build

Then we use our api_service to get the request token:

request_token := api_service.request_token

We also need to create our access token, using the access_key and access_secret that we generated and copied from the Twitter App.

    -- Create the access token that will identify the user making the request.
    create access_token.make_token_secret (access_key, access_secret)

Finally, we create a request, sign it and execute it. If the setup was done correctly, you will get a Response Status: 200 Ok.

    -- Build the request and authorize it with OAuth.
    create request.make ("GET", protected_resource_url)
    api_service.sign_request (l_access_token, request)
    if attached {OAUTH_RESPONSE} request.execute as l_response then
        print ("%NOk, let see what we get from response status...")
        print ("%NResponse: STATUS:" + l_response.status.out)
    end

You will see in the console something like this if everything was Ok.

    ===Twitter OAuth Workflow using OAuth access token for the owner of the application ===
    Get the request token
    Got the Access Token!
    Now we're going to verify our credentials...
    Ok, let see what we get from response status...
    Response: STATUS:200
    Press Return to finish the execution...
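What signing an OAuth 1.0a request involves, as an added Python example (not code from this tutorial or from the Eiffel OAuth library): the consumer secret and token secret only key an HMAC-SHA1 over the method, URL and parameters, so they never travel with the request. The endpoint URL and credential values are constructed placeholders, and placing the OAuth parameters in the query string is an assumption about what `signature.mark_query_string` selects.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote


def pct(value):
    """Percent-encode per RFC 3986: only unreserved characters stay literal."""
    return quote(str(value), safe="-._~")


def signature_base_string(method, url, params):
    """METHOD & encoded URL (without query) & encoded, sorted parameter string."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def sign(method, url, params, consumer_secret, token_secret):
    """HMAC-SHA1 over the base string; the key is both secrets joined by '&'."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    base = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode()


def signed_query(method, url, consumer_key, consumer_secret, token, token_secret,
                 nonce=None, timestamp=None):
    """Return url (assumed to carry no query of its own) plus signed OAuth params."""
    oauth = {
        "oauth_consumer_key": consumer_key,   # identifies the application
        "oauth_token": token,                 # identifies the user
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_nonce": nonce or secrets.token_hex(16),  # unique per request
        "oauth_version": "1.0",
    }
    oauth["oauth_signature"] = sign(method, url, oauth, consumer_secret, token_secret)
    return url + "?" + "&".join(f"{pct(k)}={pct(v)}" for k, v in oauth.items())


if __name__ == "__main__":
    # Constructed placeholder values; real ones come from the app's settings page.
    print(signed_query("GET", "https://api.example.test/verify_credentials",
                       "CONSUMER_KEY", "CONSUMER_SECRET",
                       "ACCESS_TOKEN", "ACCESS_SECRET"))
```

Only the two identifiers and the signature appear in the resulting URL, which is why regenerating the access token, as the permissions step requires, invalidates requests signed with the old secret.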

Code Example

Get the code from here:

    consumer
     \----- twitter_tutorial
             \------ auth