Create Twitterbot API Access Tokens using Twurl

2 minute read

If you do a quick Google search for “twitterbot”, you’ll find countless articles outlining the steps to setup a Twitterbot account and create the necessary Twitter API keys using this account. Unfortunately, with the recent Twitter Developer platform changes, they have significantly restricted the Developer approval process. In this new environment, it makes little sense to setup a separate Developer account for the purposes of a single Twitterbot (and in all likelihood, the request may be denied by Twitter anyway). This is where the twurl utility comes in.

Twurl is a Ruby utility similar to the Unix tool curl, but designed specifically for the Twitter API. The primary purpose of this tool is for testing and debugging Twitter API calls, but it can also be used to generate Twitter User Access Tokens for Twitter test accounts, or in this case, for a Twitterbot. Twurl can be easily installed using Ruby Gems with this command (assuming you already have Ruby setup on your system).

gem install twurl


Once twurl is installed, follow the usual steps to create a new Twitter Application ID in the Twitter Developer Portal using your primary Twitter Developer account. This process is covered in my previous post regarding the Twitter Developer Platform changes. In addition to this, you will need to setup a separate Twitter account for your bot.

Once you have the Twitter App consumer (API) key and secret you must authorize twurl to make API requests using them. Open the terminal and enter the following command (inserting your Twitter APP api key and secret where appropriate).

twurl authorize --consumer-key API_KEY --consumer-secret API_SECRET

Twurl will return a URL on the command line and prompt you to enter a PIN number. Cut and paste this URL into your browser and authenticate to Twitter using your Twitterbot account username and password. You should then be prompted with the usual Twitter app authorization page.

Twitter Authorize App

Once you click Authorize app, Twitter will return a PIN number

Twitter App Pin

Enter this PIN number in the terminal where prompted by Twurl. Assuming there are no issues, twurl should report Authorization successful. Once this is done, your new Consumer (API) Key, Consumer (API) Secret, Access Token and Access Token Secret will be stored in the .twurlrc file. This file can be viewed in any text editor. For example, on my Raspberry Pi running Raspbian, I opened this file using nano ~/.twurlrc and it looks as follows (keys blanked out).

---
profiles:
  BFTbot:
    5E7GtcDZdcqYWjMxjhdzeZqF1:
      username: BFTbot
      consumer_key: XXXXXXXXXXXXXXXXXXXXXXXXX
      consumer_secret: XXXXXXXXXXXXXXXXXXXX-XXXXXXXXXXXXXXXXXXXXXXXX
      token: XXXXXXXXXXXXXXXXXXXXXXXXX
      secret: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
configuration:
  default_profile:
  - BFTbot
  - 5E7GtcDZdcqYWjMxjhdzeZqF1

You can the cut and paste the consumer_key, consumer_secret, token and secret from this file into your bot script and run it following the usual process (see my previous Twitterbot post for details). Your bot will access the Twitter API and authenticate using your Twitterbot account, with no developer credentials needed.

One item to note, Twitter limits each developer account to a maximum of 10 apps to combat spam and multi-key abuse. If you wish to create more than 10 apps, you will need to follow the steps here to submit a request to Twitter for additional app approvals. Lastly, as any Twitterbots you create are now associated with APP IDs under your primary Twitter account, you will want to ensure they don’t break any of Twitter’s rules to ensure your account stays in good standing. Refer to the Twitter Developer Security Best Practices page for more information.

To contact me, please use the Contact page, or message me on Twitter.

Thanks for reading.