Get https://api.twitter.com/1.1/statuses/user_timeline.json?screen_name=twitterapi&count=2

Question

Problem :

According to the following documents:

https://developer.twitter.com/en/docs/tweets/timelines/api-reference/get-statuses-user_timeline.html

I have the oauth user token and the user token secret, plus I have my app credentials...

The docs state that the authentication is supported by Twitter, but how should I include it in the get requests for screen names those are not publicly accessible?

Answer 1

If I understand your question correctly, you need to be able to get the tweets from a third-party user who is with the OAuth token and having the secrets belonging to a user on your site. And the tweets from the third-party users are not obviously publicly accessible, but your user is having all the access rights to them. Am I correct?

So if you need to access private resources on behalf of your user, you must  sign the request with the OAuth token and with your application credentials. Then the Twitter can check, which user is signed in to your site and if the user have given your site the required access rights.

Then that signature is sent within the header of your GET request in a format as following:

e.g.

Authorization: 

OAuth oauth_consumer_key="xvz1evFS4wEEPTGEFPHBog", oauth_nonce="kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg", oauth_signature="tnnArxj06cWHq44gCs1OSKk%2FjLY%3D", 

oauth_signature_method="HMAC-SHA1", 

oauth_timestamp="1318622958", 

oauth_token="370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb", 

oauth_version="1.0"

Further Readings :

There is also documentation from Twitter on how to calculate the signature as follows:

https://developer.twitter.com/en/docs/basics/authentication/guides/creating-a-signature