I am working on a Twitter project where I want to use OAuth but I don't know where to get the consumer and secret keys.
How can I get these?
To get Consumer Key & Consumer Secret, you have to create an app in Twitter via
https://developer.twitter.com/en/apps
Then you'll be taken to a page containing Consumer Key & Consumer Secret.
Hopefully this information will clarify OAuth essentials for Twitter:
Create a Twitter account if you don't already have one
Visit 'https://apps.twitter.com' and follow the required prompts to create a developer project (Twitter requires you to answer some questions before they will approve your account. Approval was nearly instant in my case.)
Requesting the API key and secret via the Developer Portal causes Twitter to produce the following three things:
API key (this is your 'consumer key')
API secret key (this is your 'consumer secret')
Bearer token
Next, visit the 'Authentication Tokens' area of the Developer Portal and generate an 'Access token & secret'. This will provide you with the following two items:
Access token (this is your 'token key')
Access token secret (this is your 'token secret')
The consumer key, consumer secret, token key, and token secret should be sufficient to do Twitter API calls (they were for me).
Log into the Twitter Developers section.
If you don't already have an account, you can login with your normal Twitter credentials
Go to "Create an app"
Fill in the details of the application you'll be using to connect with the API
Your application name must be unique. If someone else is already using it, you won't be able to register your application until you can think of something that isn't being used.
Click on Create your Twitter application
Details of your new app will be shown along with your consumer key and consumer secret.
If you need access tokens, scroll down and click Create my access token
The page will then refresh on the "Details" tab with your new access tokens. You can recreate these at any time if you need to.
By default your apps will be granted for read-only access. To change this, go to the Settings tab and change the access level required in the "Application Type" section.
Existing apps
To get the consumer and access tokens for an existing application, go to My applications (which is available from the menu in the upper-right).
step 1.Go to https://dev.twitter.com/apps
step 2.Create app(fill up the form)
step 3.Change permissions if necessary(depending if you want to just read,write or execute)
step 4.Go To API keys section and click generate ACCESS TOKEN.
5 years late to answer :)
Now you have these tokens which is all you need.
'oauth_access_token' => Access token
'oauth_access_token_secret' => Access token secret
'consumer_key' => API key
'consumer_secret' => API secret
Simply go here: https://dev.twitter.com/apps/new Make sure you have logged in with your Twitter account - then create - even if your just entering random (Test) Content - create your app - afterwards you will receive all the data you require :)
Go to https://dev.twitter.com/apps to list all your apps. Click on the desired app to get its consumer and secret key. If you didnt yet created any app then follow https://dev.twitter.com/apps/new to create new one.
This slide show shows how to get both keys updated June 2013.
http://www.slideshare.net/Tweetganic/generate-twitter-applications
From the Twitter FAQ:
Most integrations with the API will require you to identify your application to Twitter by way of an API key. On the Twitter platform, the term "API key" usually refers to what's called an OAuth consumer key. This string identifies your application when making requests to the API. In OAuth 1.0a, your "API keys" probably refer to the combination of this consumer key and the "consumer secret," a string that is used to securely "sign" your requests to Twitter.
consumer_key = API key
consumer_secret = API key secret
Found it hidden in Twitter API Docs
Twitter's naming is just too confusing.
FYI, from November 2018 anyone who wants access Twitter’s APIs must apply for a Twitter Development Account by visiting https://developer.twitter.com/. Once your application has been approved then only you'll be able to create Twitter apps.
Once the Twitter Developer Account is ready:
1) Go to https://developer.twitter.com/.
2) Click on Apps and then click on Create an app.
3) Provide an App Name & Description.
4) Enter a website name in the Website URL field.
5) Click on Create.
6) Navigate to your app, then click on Details and then go to Keys and Tokens.
Reference: http://www.technocratsid.com/getting-twitter-consumer-api-access-token-keys/
Related
I am working on a Twitter project where I want to use OAuth but I don't know where to get the consumer and secret keys.
How can I get these?
To get Consumer Key & Consumer Secret, you have to create an app in Twitter via
https://developer.twitter.com/en/apps
Then you'll be taken to a page containing Consumer Key & Consumer Secret.
Hopefully this information will clarify OAuth essentials for Twitter:
Create a Twitter account if you don't already have one
Visit 'https://apps.twitter.com' and follow the required prompts to create a developer project (Twitter requires you to answer some questions before they will approve your account. Approval was nearly instant in my case.)
Requesting the API key and secret via the Developer Portal causes Twitter to produce the following three things:
API key (this is your 'consumer key')
API secret key (this is your 'consumer secret')
Bearer token
Next, visit the 'Authentication Tokens' area of the Developer Portal and generate an 'Access token & secret'. This will provide you with the following two items:
Access token (this is your 'token key')
Access token secret (this is your 'token secret')
The consumer key, consumer secret, token key, and token secret should be sufficient to do Twitter API calls (they were for me).
Log into the Twitter Developers section.
If you don't already have an account, you can login with your normal Twitter credentials
Go to "Create an app"
Fill in the details of the application you'll be using to connect with the API
Your application name must be unique. If someone else is already using it, you won't be able to register your application until you can think of something that isn't being used.
Click on Create your Twitter application
Details of your new app will be shown along with your consumer key and consumer secret.
If you need access tokens, scroll down and click Create my access token
The page will then refresh on the "Details" tab with your new access tokens. You can recreate these at any time if you need to.
By default your apps will be granted for read-only access. To change this, go to the Settings tab and change the access level required in the "Application Type" section.
Existing apps
To get the consumer and access tokens for an existing application, go to My applications (which is available from the menu in the upper-right).
step 1.Go to https://dev.twitter.com/apps
step 2.Create app(fill up the form)
step 3.Change permissions if necessary(depending if you want to just read,write or execute)
step 4.Go To API keys section and click generate ACCESS TOKEN.
5 years late to answer :)
Now you have these tokens which is all you need.
'oauth_access_token' => Access token
'oauth_access_token_secret' => Access token secret
'consumer_key' => API key
'consumer_secret' => API secret
Simply go here: https://dev.twitter.com/apps/new Make sure you have logged in with your Twitter account - then create - even if your just entering random (Test) Content - create your app - afterwards you will receive all the data you require :)
Go to https://dev.twitter.com/apps to list all your apps. Click on the desired app to get its consumer and secret key. If you didnt yet created any app then follow https://dev.twitter.com/apps/new to create new one.
This slide show shows how to get both keys updated June 2013.
http://www.slideshare.net/Tweetganic/generate-twitter-applications
From the Twitter FAQ:
Most integrations with the API will require you to identify your application to Twitter by way of an API key. On the Twitter platform, the term "API key" usually refers to what's called an OAuth consumer key. This string identifies your application when making requests to the API. In OAuth 1.0a, your "API keys" probably refer to the combination of this consumer key and the "consumer secret," a string that is used to securely "sign" your requests to Twitter.
consumer_key = API key
consumer_secret = API key secret
Found it hidden in Twitter API Docs
Twitter's naming is just too confusing.
FYI, from November 2018 anyone who wants access Twitter’s APIs must apply for a Twitter Development Account by visiting https://developer.twitter.com/. Once your application has been approved then only you'll be able to create Twitter apps.
Once the Twitter Developer Account is ready:
1) Go to https://developer.twitter.com/.
2) Click on Apps and then click on Create an app.
3) Provide an App Name & Description.
4) Enter a website name in the Website URL field.
5) Click on Create.
6) Navigate to your app, then click on Details and then go to Keys and Tokens.
Reference: http://www.technocratsid.com/getting-twitter-consumer-api-access-token-keys/
I created an app on one twitter account. I would like to authorise that same app on a different account.
FAQ on how to authorise apps says On the website of the application you want to connect, find the button/link asking you to connect your Twitter account. But I haven't built said site/page.
How can I auth this app on the second account?
You have to use the OAuth Authentication Flow process.
To do so, you first need to request an authentication link from your Consumer Key and Consumer Secret using https://api.twitter.com/oauth/request_token (doc : https://dev.twitter.com/oauth/reference/post/oauth/request_token).
When you receive a callback or a code, you can use them to execute a second query that is https://api.twitter.com/oauth/access_token as described at https://dev.twitter.com/oauth/reference/post/oauth/access_token. You will want to use the oauth_verifier parameter.
Remember that authentication in Twitter is not an easy process and you should read more about it on Twitter (https://dev.twitter.com/oauth/3-legged) or use a library that will do that for you.
I've been asked to provide client_id and client_secret so that a 3rd party can make a client_credentials grant_type-request to twitter and so do some analytics on our twitter traffic.
If this were Google Analytics or Adwords, I'd go to the relevant panel and add the 3rd party's developer. What do I do for Twitter?
These one answer I've received so far suggests that I need to create my own app and give the other guy the stuff produced by the app-generator. This doesn't make a lot of sense.
PLEASE NOTE
I am not asking from the point of view of the developer but from that of the company on whose behalf the analytics are being performed.
Go to https://dev.twitter.com/apps/new and log in, if necessary
Supply the necessary required fields, accept the TOS, and solve the CAPTCHA.
Submit the form
Copy the consumer key (API key) and consumer secret from the screen into your application
If you also need the access token representing your own account's relationship with the application:
Ensure that your application is configured correctly with the permission level you need (read-only, read-write, read-write-with-direct messages).
On the application's detail page, invoke the "Your access token" feature to automatically negotiate the access token at the permission level you need.
Copy the indicated access token and access token secret from the screen into your application
Be sure and configure your application as needed before attempting the "your access token" step.
I want my desktop app to be able to download survey data for a user with another SM account.
Is this right:
1) I ask them to visit https://developer.surveymonkey.com/api_console
2) They select Custom Application
3) They enter my app's API Key , Client ID , Client Secret , which I give them
4) They click 'Get Access token'
5) SM prompts them to log in; they enter their username and password.
6) They see an Access Token that they copy and paste into an email to me so I can then embed that in code.
Is that it?
Technically this will work, but I really don't recommend this - you're handing them your credentials to your API account, which may be a violation of SurveyMonkey's TOS and is not good practice (as they can start using SurveyMonkey's API as if they are you).
The best way to do this would be to have an embedded browser in your application and show SurveyMonkey's OAuth dialog, and have this redirect to a server you control, which then gives the client secret to SurveyMonkey and then will give you an access token to the client's account which you can store in the app. This is less hassle for the client too, but is more overhead on your end to get it up and running.
You may just be able to host your own 'API console' like SurveyMonkey's, with just the OAuth component, that you could direct your client to - it is not too difficult to implement an OAuth exchange.
SurveyMonkey has an OAuth guide here to help you out with some of the details: https://developer.surveymonkey.com/mashery/guide_oauth
I want to provide a service using the facebook api to third parties. Is it possible for us to share access tokens? If the third party gives my service a user's access token, can I access that users data even if my app_id & secret do not match the app that requested it?
Should I have the users go through a separate oauth flow on my site even if they have already completed it for the other third party?
Thanks.
-ken
Even that user access token is issued only for one app it can be easily used from any other application.
Example:
Get access token for "Graph API Explorer" application here https://developers.facebook.com/tools/explorer/?method=GET&path=me and make a request - you will see your data.
Copy access token and open other machine|browser and go to https://graph.facebook.com/me?access_token=[access_token] - you still able to retrieve information about your Facebook user!
Here https://developers.facebook.com/docs/concepts/login/access-tokens-and-types/ it mentioned that
Our Data Policies explicitly prohibit any sharing of an Access Token for your app with any other app. However, we do allow developers to share Tokens between a native implementation and a server implementation of the same App (ie. using the same App ID) as long as the transfer takes place using HTTPS.
Regarding:
Is it possible for us to share access tokens?
and,
can I access that users data even if my app_id & secret do not match the app that requested it?
The answer is No. From the specs OAuth2 section 10.3:
Access token credentials (as well as any confidential access token attributes) MUST be kept confidential in transit and storage, and only shared among the authorization server, the resource servers the access token is valid for, and the client to whom the access token is issued.
Should I have the users go through a separate oauth flow on my site even if they have already completed it for the other third party?
The answer is Yes. If you're using facebook as authorization server, and you restart the oauth flow again, your user will only need to approve your other app (third party).
Each access token is issued only for one app - it cannot be used with different application IDs.