Twitter Application Permission Model Changes

A note for all Twitter application developers, including everyone using monkehTweet...

Twitter have made changes to the application permission model which has an impact on what services your application can manage on behalf of the user, with a particular focus of accessing their Direct Messages.

When setting up a consumer application through Twitter, you were provided with two permission settings -

  1. Read & Write
  2. Read-only

Twitter have now added in a third level of permissions: Read, Write, & Direct Messages.

If your application needs to access the direct messages for authenticated users, you will need to log in to and change the permission settings for your application. This will not change your current consumer key or consumer secret values; the strings themselves will remain the same, but the associated permissions will alter.

Any user logging in to authenticate and approve your application is currently presented with the following permission message:

Twitter application authentication permissions

As mentioned, you will need to log in to to alter your application's permission settings (if you wish/need to access the direct messages)

Once logged in, change the permission settings for your application:

Twitter application - change application permissions

Any user authorising your application will now see the following revised permission message:

Twitter application permissions

Your application has changed it's permission level and any new users will have these settings, but the permission changes have not been applied to existing users.

The permissions are stored / assigned to each user token (to ensure that users have the correct level of access they have approved). If you need to access your user's Direct Messages, all existing users will need to re-authorize to pick up the new permissions and have them applied to their access keys for your application.

If this applies to you, you may need to send out a friendly email to your application's users to ask them to log in and authenticate once more.

For more information, visit the official Twitter FAQ for this issue.

comments powered by Disqus