Simple Read-Only Twitter Feed without OAuth

Dec 28, 2012 at 5:33 PM

Hi Everyone,

We would like to know the best way for integrating simple read-only Twitter feeds into an application without having to go through OAuth. The process we were hoping to implement is as follows:

- Administrators of the application would be able to setup a page on the site with a Twitter widget on it that shows content from a public feed. The administrators would setup the page in the application by entering a screen name for the Twitter feed and setting some colours for the widget formatting. 

- Users of the application would come to the page and see the contents of the feed in read only format.

We initially looked at using the Twitter profile widget, however it seems that this widget will be deprecated in March, 2013. The new timeline widget looks good, but it appears that we would not be able to add it to our application dynamically, as each timeline widget for a specific feed has to be created through Twitter.

We have begun looking at a programmatic process using the Twitter V1.1 API, but we would prefer not to have to use OAuth, as our requirement is simply to display read-only feeds. Also, many of our users will not have Twitter accounts, so we wouldn't be able to authenticate them with Twitter.

Based on our investigation so far, it appears that the V1.1 API requires OAuth for all access of Twitter content. Is this correct? Or will there be a way to simply access public feeds in an application without having to set a user context?

Any thoughts would be much appreciated.

 

 

Coordinator
Dec 28, 2012 at 6:36 PM

Hi,

You are correct that Twitter API v1.1 requires OAuth. Since Twitter is deprecating their API v1.0 in March, you might not want to go that route.

Here are a few options to consider to decrease the impact:

1. For administrators, you can use the SingleUserAuthorizer, where you get all four credentials from your app page and don't need to send the admin through the authorization process each time.

2. Using SingleUserAuthorizer for users would be a problem because you have rate limits, based on user. This would cause your application to quickly exceed those limits and your users would receive errors.

3. The exception to #2 is if all users always saw the results of the same query. Then you can request it with your credentials, SingleUserAuthorizer, cache the result and efficiently show the same result to all users.

4. Twitter keeps the same authorization tokens for a user forever. Therefore, you would only need to ask the user to authorize one time. Then you can pull all 4 credentials from the authorizer, save them, and reuse those credentials for that user on all subsequent queries.

@JoeMayo

Dec 28, 2012 at 8:29 PM

Hi Joe

Thanks very much for your quick response. Here is some additional information about our application:

The application is actually a communication and collaboration portal with many Web sites in it. Each Web site has a number of site administrators and potentially a large number of site viewers (we are a large school board with staff and students using the sites). The site administrator would go to a Twitter page on the site and be able to enter up to 4 Twitter public user feeds to track on the page. The site viewers will be able to view the content of the feeds in read only format on the page. The site administrators will most likely have Twitter accounts, but it is highly unlikely that all site viewers will have Twitter accounts (most likely only a small portion will).

Using SingleUserAuthorizer for site viewers clearly won't work, as you say, because we will quickly hit our rate limit as we could have thousands of users viewing the Twitter feed pages every hour. We could cache the content, but we would still probably exceed our limit quickly and we might be forced to display the cached content for quite some time.

Since our users won't have Twitter accounts - and we don't want to force them to create Twitter accounts just to view the read-only public feeds on our site - we cannot go through the OAuth process for all of our users.  Is there no way at all to get a public feed without going through OAuth?

The only other option we can think of is to have the site administrators manually create Timeline widgets for the feeds they want to expose and then provide a way for them to add them to their site. Does that make sense? My understanding is that there is no rate limiting for the timeline feeds.

We really appreciate your help with this.

 

 

 

 

Coordinator
Dec 29, 2012 at 3:45 AM

I think I see. Would it be correct that for a given page, all users will see the same 4 Twitter feeds?

If so, you can have administrators create a separate account for each feed and use SingleUserAuthorizer for each feed. You could handle this a couple different ways: either create a new application for each feed and use that application's credentials, or create a new Twitter user for the feed and do the OAuth process and capture the credentials the first time you set up the feed.

I think this will work because rate limiting is based on user account. The Account entity has a RateLimits query that lets you find out what the rate limit is for a specific API. Most are 60/hour with 15 every 15 minutes, but search is something like 180/hour. You should rely on the RateLimits query as your definitive source as I believe Twitter might tweak this in the future and you can automate caching based on this. So, I think that worst case would be to cache a feed for a minute at a time. With this strategy, you have some architectural decisions on your caching strategy, based on resources and responsiveness. i.e. if you have a lot of pages/feeds your in-memory capacity might not be sufficient, so you may have to rely on secondary storage like files, db, or message queue. There are probably other strategies that increase scalability while maximizing rate-limit usage based on using multiple accounts per feed or user viewing behavior.

@JoeMayo