There are no app-specific servers.  With OAuth, instead of passing user
credentials, you use YOUR consumer key and consumer secret which identifies
your application.

You get an access token after the user has allowed your application to have
access to their account.  You will then use that access token, your consumer
secret, and your consumer key to make the requests to the API.


On Sat, Nov 7, 2009 at 8:13 AM, Harshad RJ <> wrote:

> Hi,
> I am trying to wrap my mind around OAuth, and I am not sure I understand
> the subtleties.
> Is it possible to make OAuth authenticated requests from browser *directly
> * to the Twitter API? Is it a safe & recommended way?
> Or do all API requests have to go through an application-specific server,
> to keep the credentials a secret?
> My hunch is that yes, an app-specific server would be required. But in that
> case, how do desktop-clients manage it? Or do they also route the calls
> through an intermediary?
> thanks in advance,
> --
> Harshad RJ

Reply via email to