Rahul Tanwani

Reputation: 441

Why does Twitter require an API key secret and an Access Token Secret?

I want to understand the responsibilities/differences of the API Secret and the Access Token Secret. When I need to secure my APIs, I usually ask users to first register themselves and get the accessToken, and use the same for making API calls.

Also, if you can make me understand what the problems are with my current approach based on a single accessToken, and why I should prefer to implement API Key, API Key Secret, Access Token, Access Token Secret, that would be really helpful.

Thanks!

Upvotes: 5

Views: 5981

Answers (2)

macguy

Reputation: 294

What you're referring to is probably OAuth 2.0 (use of 1 access token). As to the reason why Twitter has both an AuthToken and AuthTokenSecret, it's because Twitter uses OAuth 1.0a, which, at the very least, is said to be more secure than OAuth 2.0 and completely different.

Upvotes: 2

Emre Aydin

Reputation: 553

API Keys and API Secret Keys are important to authorize yourself to Twitter. There are two types of authentication on Twitter:

1- App-Based authentication

It is a very limited authorization method. You can only do what a non-logged-in user can do on Twitter, like seeing the timeline of a user (whose account is not protected), searching tweets, and accessing the friends and followers of any account. You don't need an Access Token Secret here.

Secondly, with App-Based authentication you can get an access token and access token secret with the permission of the user. This is called "User-App Authentication".

2- User-App Authentication

You can do anything on Twitter that the user can do: post tweets, retweet things, favorite things, follow and unfollow people, change account settings, and anything that comes to your mind. This is when you are going to need it:

The API Secret and Access Token Secret are top-secret information that you'll need to provide to Twitter. You need to calculate a signature to validate yourself while making a request to Twitter. This is where you will use your API Secret and Access Token Secret information together. Since a Twitter request cannot be made without a signature, you will need to use them every time you need something from Twitter or post something to Twitter.

For more information about creating a signature please follow this link: https://dev.twitter.com/docs/auth/creating-signature

Upvotes: 0
