Do I really need a login for *everything*?

Nov 3, 2012 at 12:44 PM


I love the idea behind LINQ to Twitter! Seems like the perfect fit for what I need. Basically I have a mobile/desktop application that does something unrelated to twitter, but instead of writing my own service I thought about delivering "latest news / what people are saying" to the user through Twitter. So when the user opens the application I'd simply go to twitter and get the latest tweets for a certain hashtag and display that, simple.

...Or so I thought, I'm really confused by this new OAth-on-everything-API. I'm trying to do the most basic LINQ search and get back a "Bad Authenticaiton" exception with the new API. Am I doing something wrong here, or is this really how it's suppose to be? Do I have to register my application with Twitter just for doing this very simple search? I don't want my users to have to login to Twitter to get the latest news when the application starts, I just want to do a search and display the result! Am I missing something obvious on how that should be implemented with the new API?

Regards, Victoria

Nov 3, 2012 at 3:29 PM

Hi Victoria,

In the previous version of the Twitter API, v1.0, everything didn't require authentication. However, the new version of the Twitter API, v1.1, does require authentication for every query. Since Twitter is deprecating v1.0 in a matter of months, you wouldn't want to use that anyway because your code will break when Twitter turns off those endpoints. So, I upgraded LINQ to Twitter to support Twitter API v1.1, which also means that authentication is required on all API calls.

The good news is that this process isn't as painful as you might think, especially with LINQ to Twitter. If you haven't worked with OAuth before, here's the LINQ to Twitter documentation that will help give you a background on how OAuth works:

One of the options you have is single user authorization, where you provide the credentials of your authorized application and noone has to log in. The tradeoff with that option is rate limiting where a single account can only perform a certain number of queries. In that case, you would require that each user authenticate before use.


Nov 3, 2012 at 11:39 PM

Thank you so much for you reply! That does look fairly simple, although I'm a bit hesitant about having to embed the credentials in the actual application that's shipped to the user. The token secrets aren't much secret anymore then, are they? I can see this making a whole lot of more sense if you can hide the credentials behind a web server. Anyhow, if that's how Twitter wants it...

One thing though, you mentioned the trade off with rate limiting; let's say I embed the Twitter credentials and distribute the application to, say, 50 people, and during the next hour they perform 20 search queries each - would that count as 1000 queries? If that's the case, I think I'm screwed o__O

Regards, Victoria

Nov 4, 2012 at 12:26 AM

After hearing more about your requirements, I think that using your own credentials will cause problems right away. i.e. if a couple users use all of your quota in a short period of time, the other users are blocked for the next 15 minutes, which would result in painful and difficult to debug support scenarios if you aren't familiar with how rate limiting works.  On rate limits, here's the Twitter docs for more info to help you make design choices:

When you run into 401 errors, check out my FAQ ( and remember that Fiddler ( is your friend.

Here are a few design considerations:

1. Twitter doesn't expire user tokens, so you can save them after the user's first authentication. You can read the Authorizer Credentials property after authorization is complete.

2. On subsequent queries, check to see if you have saved credentials for that user and load them - this will prevent the user from doing the OAuth dance again.

3. Consider caching query results to help avoid going over rate limits.

4. I expose Twitter's rate limit API in LINQ to Twitter via the Help entity with HelpType.RateLimits. You can use this to figure out what your limits are.

5. If you're building a Windows 8 app, the WinRtAuthorizer is the way to go. It's new and not documented a lot, but there's a demo on the Samples page:


Nov 4, 2012 at 9:15 AM

Hi Joe! Great answers. So with the new API, I think Twitter is trying hard to prevent what I want to do; an unmanaged twitter feed that only show data without forcing the user to authenticate or participate. If it's the same query over and over I could, like you said, cache the result on another server and feed the application from there, that could definitely work. I'll have to go think about this and read up some more on the new Twitter API... Even though including a Twitter feed in the application was just a little side project, I'm so impressed with LINQ To Twitter that I want to build something new around it! However, coming from a background in data mining, Twitters rate limiting searching severely limits my imagination on what's possible at the moment. Perhaps I should just bite the bullet and build my new application around requiring all users to have a twitter account (I'd need to sign up myself..).

Thanks again!

Regards, Victoria