Twitter bots, read / write permissions and OAuth
16 June 2015
How to automate multiple Twitter accounts with only one phone.
I found some time the other week to build two new Twitter bots that have been on the to-do list for while. As ever I learned a bunch of new stuff in the process, and I thought I’d try to capture the bits that might be useful / interesting to other people.
I’ll deal with how the bots work another time. This post is about the bit that comes first: getting multiple accounts set up to work with the Twitter API.
Many accounts, one phone number
Once upon a time, setting up a Twitter bot was easy. Open a new Twitter account for your bot, create an app from the developer console, grab your API keys and you’re off.
Nowadays, Twitter has (sensibly) strengthened its security rules. The upshot for developers is that you can’t get a full set of API keys for an app unless you have a phone number associated with the parent account. If, like most people, your phone is already associated with your main Twitter account, you appear to have a problem.
The forums are full of people complaining about this.
One solution is to get a bunch of cheap phones or a stack of SIM cards. But there’s actually a far tidier way through. It took me a little while to figure out, so for the benefit of anyone else scratching their head about all this, here it is.
One app to rule them all
The basic idea is this: create a master app owned by our primary Twitter account (the one that already has our phone number associated with it), and then grant it permission to read and write on behalf of our bot account(s). Doing this will get us a full set of API keys:
consumer_secret, which will stay the same
access_token_secret, which are unique to each bot account
Armed with these four keys we can access all the lovely endpoints on the Twitter API.
I’ve jotted down a short step-by-step guide to help you get set up. If you haven’t already got it then you’ll need to install Twurl to manage the authorisation steps.
1. Create a master app
Head to over the Twitter application management page, log in with your primary Twitter account, and create a new app. Once that’s done, find the tab called “keys and access tokens” and grab your two consumer API keys.
2. Generate an authorisation URL
Next we’ll use Twurl to generate an authorisation URL. Open a Terminal window and replace the numbers in the code snippet below with the API keys you got in step 1:
$ twurl authorize --consumer-key 1234567890 --consumer-secret 1235467890
This will spit out a long URL, and present you with a prompt for a PIN. Leave your Terminal window open, and load the URL in your browser.
3. Authorise the app
The URL from step 2 will take you to a page asking you to log in to Twitter. Enter the screen name and password for the bot account you want to control (not your primary account). This will generate a PIN. Head back to your Terminal window, and type the PIN in at the prompt.
4. Extract your API keys
If everything went to plan then your master app should now have permission to read and write on behalf of your bot account, and you can view your new API keys here:
$ cat ~/.twurlrc
Now that you have a full set of API keys you can drop them into your code whenever your bot needs OAuth credentials to connect to the Twitter API.
5. Rinse and repeat
If you want to run more than one bot account then just repeat steps 2 to 4, logging in to the Twitter authorisation page with a different screen name each time.
And that’s it. Have fun, and don’t forget to follow the Twitter automation rules and best practices.