Our Philosophy

Twitter has their own internal reasons for wanting to shut off Basic Auth; it probably has a lot to do with serving around 4 billion API requests a day. They need a way to track and manage that traffic, and they claim OAuth lets them do that.

Some of the arguments against Basic Auth include:

  1. no user protection
  2. hard to ban spammers
  3. once a spammer gets a set of users they have them until they change their password
  4. hard for companies to use because of legal ramifications (due to storing passwords)

We believe that our approach addresses each of these issues:

  1. Users have complete control over their passwords. They can revoke or change them at any time, without any impact on their actual Twitter Account or Twitter passwords.
  2. The requests to Twitter are fully OAuth signed so Twitter has complete spam control.
  3. See (1) above.
  4. Not applicable, because nobody is storing passwords for other users: only for their own accounts, and only revocable API passwords, not real Twitter passwords. See "When not to use API proxy service".
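The points above describe a credential model rather than showing it, so here is an added example, not code from the original page or from the proxy service itself, of the two halves that model needs: a store of per-user, revocable API passwords (kept only as salted PBKDF2 hashes, so a leaked store does not hand out working Basic Auth credentials) that map to the user's OAuth access token, and an OAuth 1.0a HMAC-SHA1 signer for the outbound request. The consumer key/secret, the `api.example.com` endpoint and the PBKDF2 parameters are assumptions chosen for the demonstration; the signature base string and signing key construction follow the OAuth 1.0a specification.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote

# Constructed sample application credentials for this demonstration (assumption);
# a real proxy would load the consumer key/secret registered for it.
CONSUMER_KEY = "example-consumer-key"
CONSUMER_SECRET = "example-consumer-secret"


def pct(value) -> str:
    """Percent-encode as OAuth 1.0a requires: only RFC 3986 unreserved characters stay bare."""
    return quote(str(value), safe="-._~")


class ApiPasswordStore:
    """Per user, revocable API passwords mapped to that user's OAuth access token.

    Only a salted PBKDF2 hash of each API password is stored; the user's real
    Twitter password never enters the proxy at all.
    """

    def __init__(self):
        self._records = {}  # username -> list of {salt, digest, token, token_secret}

    @staticmethod
    def _digest(password: str, salt: bytes) -> bytes:
        # Iteration count is an assumption for the example, not a recommendation.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def issue(self, username: str, oauth_token: str, oauth_token_secret: str) -> str:
        """Create a fresh random API password for `username`; it is returned exactly once."""
        api_password = secrets.token_urlsafe(24)
        salt = secrets.token_bytes(16)
        self._records.setdefault(username, []).append({
            "salt": salt,
            "digest": self._digest(api_password, salt),
            "token": oauth_token,
            "token_secret": oauth_token_secret,
        })
        return api_password

    def _find(self, username: str, api_password: str) -> int:
        for i, rec in enumerate(self._records.get(username, [])):
            if hmac.compare_digest(rec["digest"], self._digest(api_password, rec["salt"])):
                return i
        return -1

    def lookup(self, username: str, api_password: str):
        """Return (oauth_token, oauth_token_secret) for a valid Basic Auth pair, else None."""
        i = self._find(username, api_password)
        if i < 0:
            return None
        rec = self._records[username][i]
        return rec["token"], rec["token_secret"]

    def revoke(self, username: str, api_password: str) -> bool:
        """Drop one API password; other passwords and the real account are untouched."""
        i = self._find(username, api_password)
        if i < 0:
            return False
        del self._records[username][i]
        return True


def signature_base_string(method: str, url: str, params: dict) -> str:
    """OAuth 1.0a base string: METHOD & encoded URL & encoded, sorted parameter string."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def sign_request(method, url, query_params, oauth_token, oauth_token_secret,
                 nonce=None, timestamp=None) -> dict:
    """Return the oauth_* parameters, including oauth_signature, for one upstream call."""
    oauth_params = {
        "oauth_consumer_key": CONSUMER_KEY,
        "oauth_token": oauth_token,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp if timestamp is not None else int(time.time())),
        "oauth_nonce": nonce if nonce is not None else secrets.token_hex(16),
        "oauth_version": "1.0",
    }
    base = signature_base_string(method, url, {**query_params, **oauth_params})
    key = f"{pct(CONSUMER_SECRET)}&{pct(oauth_token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    oauth_params["oauth_signature"] = base64.b64encode(digest).decode()
    return oauth_params


def authorization_header(oauth_params: dict) -> str:
    """Render the oauth_* parameters as an OAuth Authorization header value."""
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(oauth_params.items()))


def proxy_request(store, username, api_password, method, url, query_params,
                  nonce=None, timestamp=None):
    """One incoming Basic Auth request: validate the revocable API password, then
    OAuth-sign the upstream call with the user's own token. A revoked or changed
    API password yields None and nothing is forwarded."""
    creds = store.lookup(username, api_password)
    if creds is None:
        return None
    token, token_secret = creds
    return sign_request(method, url, query_params, token, token_secret, nonce, timestamp)
```

Because every upstream request carries the proxy's consumer key and the user's own token, the upstream side can rate-limit or ban by application or by user, and revoking an API password at the proxy immediately stops forwarding without touching the user's real account.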
