What We Have Covered in This Article
Last Updated on March 13, 2019 by Editor Futurescope
Most Twitter and other social media users at some point want to generate their twitter API keys. They need the access key tokens and token secret when they want to do the following things.
- The application they are using only needs to make requests in place of a single user. For instance, they want to post, follow or unfollow, Tweet or ReTweet as a user, or want to retrieve a list DMs for a user.
- If you’re going to test the API functionality from an account before embarking on building out the 3-Legged OAuth flow.
Generating API keys
For one to use their Twitter API key to pull tweets and other information from their Twitter profile and the overall account, they must first have to create a Twitter Application through their account. While this may seem complicated, it is so simple to achieve.
Creating a Twitter Application
Visit dev.twitter.com/apps to create a twitter application. While there, log in to your twitter account. What follows next is filling out the necessary information for the app, and the application will be published.
Places to Fill Out
Name – This is the display name of the application you are creating, that will be used during user authentication. It must be checked for uniqueness against all other twitter applications.
Description – Describe what you intend to do with the application
Website – Fill out the full URL to the site where the app will be used or make it open for anyone to download.
Callback URL – Specify the webpage you want to return your users to after authentication. For isolated cases such as the WordPress widget integration, this slot could skip this.
Finally, go through the Developer Rules and agree, then key in the Captcha phrase and click create, and that is it.
If You Already Have A Twitter App
In case you already have an existing Twitter app, then view and edit it on the Twitter application dashboard. You must be logged onto your twitter account though, on developer.twitter.com.
Creating Your Access Token
When you are done creating the Twitter app, you will go ahead and authorize the twitter app for your twitter account. Therefore, click on ‘create my access token’ button. It takes a few moments, therefore, keep refreshing the page until you see the access tokens on the next screen.
The access token generated allows your twitter app to read your twitter information. It will enable you to get data of your mentions, tweets, lists and much more. In case you want to do advanced stuff such as deleting a tweet or sending one, you will have to change your access type.
Choosing an Access type
You should note that the default access type when creating a Twitter app is a read-only type. Ensure you keep it like that unless you want to delete a tweet or add more data such as sending messages. However for you to do more advanced things, then click on the settings tab which is at the top of your screen. Next, scroll down to ‘Application Type.’ Here, change to your desired access type example, ‘Read and Write.’ You will now be able to read, delete and send direct messages. When you select the ‘Read, Write and Access Direct Messages’ option, you will be able also to access your direct messages.
Take Note of Your OAuth Settings
Now, take a note of your OAuth Settings as you will need these strings of characters for the Twitter App. Take note of the consumer key, secret, OAuth Access Token, and OAuth Access Token Secret. Therefore, this is how you get twitter api key. Always keep these a secret and ensure they are not leaked.
How To Secure Keys And Access Tokens
The API keys of your application should be given the most security. The keys represent your unique access to Twitter, and in case they get leaked to unauthorized parties, they could be abused and have restrictions placed on your application. The user access tokens are more sensitive, and when they are generated, the user trusts their app to keep the access tokens secure. If the security of the API keys and the access token gets compromised, then your application will be at risk of exposing private information as well as the overall account functionality.