Back in June 2013, Twitter phased out access to their old API, replacing it with the Twitter API version 1.1. The new API requires authentication from any website or App that wants to access any Twitter stream or ‘endpoint’.
There are two types of Twitter API authentication: Application and User. Both types of authentication require the use of access keys which help Twitter monitor endpoint usage and helps them combat spam.
Application authentication requires the generation and use of access keys for the whole website or application, and these same access keys are used regardless of who is visiting your site. User authentication on the other hand generates a set of keys unique to the visitor, but requires the user to sign in to their Twitter account to allow the website use of these user level access keys as well as allowing read only access to the user’s Twitter timeline.
Both Application and User access types are rate limited. For example, the User Timeline endpoint is limited to 180 requests every 15 minutes whereas the Mentions Timeline is limited to 15 requests per 15 minute window.
For this reason, Social Bearing uses Application Authentication for higher rate-limited streams such as search and user timeline but User Authentication for endpoints that have a much lower rate limit including followers, friends and mention streams.
Signing into Twitter to access certain streams means that potentially hundreds of users can view different streams at once without reaching the limits Twitter assign to these endpoints. This would not be possible with Application authentication; rate limits would be applied as a whole to the website and requests would quickly run out, making the lower rate-limited streams inaccessible.
Signing in to Twitter to enable user authentication also means streams only available to the authenticated user can be accessed. This includes the Home Timeline, Mentions and Retweets of Me streams.
The majority of Twitter tools and platforms on the Internet require you to sign in for these reasons. When you try and access a stream that requires user authentication and you are not signed into Twitter via Social Bearing, the below panel will appear.
When you select the ‘Sign in with Twitter’ button, you are then redirected to Twitter where you will be asked to enter your Twitter username and password. Social Bearing has been setup with read only access to Twitter accounts so it is not possible for the website to post tweets for you, follow people or read direct messages. These permissions are shown in the following authorization window.